Skip to content
E
ERPResearch

What is RBAC (Role-Based Access Control)?

RBAC restricts what users can see and do by assigning permissions to roles and then assigning users to those roles.

Definition

Role-Based Access Control (RBAC) is a security model in which permissions are grouped into roles that reflect job functions, and users are granted access by being assigned to one or more roles rather than receiving individual permissions. This makes access management scalable and consistent, because changing a role updates access for everyone who holds it. RBAC supports the principle of least privilege, ensuring people can only access what their job requires. It is a cornerstone of enterprise security and regulatory compliance.

How RBAC Works in ERP

ERP systems use RBAC to control access to sensitive functions and data, such as posting journal entries, approving payments, or viewing payroll, by defining roles like accounts-payable clerk or controller. Administrators assign users to roles, and the ERP enforces what each user can view and change. RBAC also underpins segregation of duties, preventing one person from controlling an entire risky process such as both creating and paying a vendor. Combined with audit logs, it provides both prevention and traceability for compliance.

ERP Vendors with Strong RBAC

Frequently Asked Questions

What is segregation of duties in ERP?

Segregation of duties is a control, often enforced through RBAC, that prevents a single user from performing conflicting tasks such as creating a vendor and approving its payments, reducing the risk of fraud and error.

How is RBAC different from giving users individual permissions?

RBAC assigns permissions to roles and users to roles, so access is consistent and easy to update across many people, whereas granting individual permissions becomes error-prone and hard to audit at scale.

Related Terms