What Is Role-Based Access Control?

Role-based access control (RBAC) means that resources and privileges from different target systems are grouped together and linked to the associated organizational units. This connection produces different roles (commonly referred to as business roles) containing standard privileges. These roles are then assigned to users and control user access to any resources within the company (access control). In tenfold, roles are referred to as “profiles“.

Advantages (CIOs, CISOs, IT Managers)

  • Only essential privileges are granted (POLP)

  • Compliance fulfilled thanks to implementation of POLP

  • Improvement of data security because privileges are revoked as soon as they are no longer needed

Advantages (IT Admins & Infrastructure)

  • Standard privileges are assigned and revoked automatically

  • Elimination of reference users

  • Automatic implementation in Active Directory and other systems saves time

What Are the Advantages of Role-Based Privileges?

tenfold uses RBAC to standardize and automate the process of assigning privileges in organizations. This approach to user management saves time and is highly efficient because the software is able to assign standard rights and withdraw them again when user attributes (e.g. position or department) change. Such joiner-mover-leaver processes are an integral part of tenfold‘s user lifecycle management concept.

Screenshot of tenfold's profile/role function screen.

Are All Privileges Role-Based?

No. Roles only cover the standard rights shared by certain organizational units (e.g. departments or teams). Additional or special rights, which are not covered by roles, can be requested via self-service and must be approved by the responsible data owner (e.g. manager) as part of an approval workflow.

In tenfold, privileges are assigned on the basis of roles. This means users are assigned one or more business roles and the standard privileges associated with these roles are then assigned and withdrawn automatically.

How Are Roles Defined?

The first time the software is launched, tenfold‘s profile wizard conducts a statistical analysis (whereby it works bottom-up) to determine the correlation between users/resources and the structure of your organization and uses the information gathered to deduce the required roles (role mining). This process is carried out according to the principle of least privilege.

Screenshot of tenfold's profile/role function screen.

Can Roles Be Customized?

If a standard rights changes (e.g. because a new privilege is added), the business role can simply be modified. The modification can then be applied to all users who have been assigned this role. You can also assign several roles to one user, for instance if you wish to equip multiple attributes (e.g., department, location, position) with standard privileges.

Screenshot of tenfold's profile/role function screen.

Would you like to experience tenfold LIVE?

Sign up now for our product demo!
tenfold – Simple. Secure. Ready to go.