Roles

What Is Role-Based Access Control?

Role-based access control (RBAC) means that resources and privileges from different target systems are grouped together and linked to the associated organizational units. This connection produces different roles (commonly referred to as business roles) containing standard privileges. These roles are then assigned to users and control user access to any resources within the company (access control). In tenfold, roles are referred to as “profiles“.

Advantages (CIOs, CISOs, IT Managers)

  • Only essential privileges are granted (POLP)

  • Compliance fulfilled thanks to implementation of POLP

  • Improvement of data security because privileges are revoked as soon as they are no longer needed

Advantages (IT Admins & Infrastructure)

  • Standard privileges are assigned and revoked automatically

  • Elimination of reference users

  • Automatic implementation in Active Directory and other systems saves time

What Are the Advantages of Role-Based Privileges?

tenfold uses RBAC to standardize and automate the process of assigning privileges in organizations. This approach to user management saves time and is highly efficient because the software is able to assign standard rights and withdraw them again when user attributes (e.g. position or department) change. Such joiner-mover-leaver processes are an integral part of tenfold‘s user lifecycle management concept.

Are All Privileges Role-Based?

No. Roles only cover the standard rights shared by certain organizational units (e.g. departments or teams). Additional or special rights, which are not covered by roles, can be requested via self-service and must be approved by the responsible data owner (e.g. manager) as part of an approval workflow.

How Are Roles Defined?

The first time the software is launched, tenfold‘s profile wizard conducts a statistical analysis (whereby it works bottom-up) to determine the correlation between users/resources and the structure of your organization and uses the information gathered to deduce the required roles (role mining). This process is carried out according to the principle of least privilege.

Are Roles Customizable?

If a standard right changes (e.g. because a new privilege is added), the business role can simply be modified. This modification can then be applied to all users who have been assigned this role. You can also assign several roles to one user, for example if you want to equip multiple attributes (e.g., department, location, position) with standard privileges.

See tenfold In Action!

Experience tenfold live with our video overview
and see how easy access management can be!

View Demo

See tenfold In Action!

Experience tenfold live with our video overview
and see how easy access management can be!

View Demo