Role Based Access Control Design Pattern


Role-based access control (RBAC) is a method for regulating access to computer and network resources based on the roles of individual users within the enterprise. Access is an individual user's ability to perform specific tasks, such as creating, viewing and modifying a file. Roles are defined according to job competency, responsibility and authority within the enterprise.

If role-based access control is properly implemented and the role-based access control design pattern is followed, users can carry out a wide range of authorized tasks, with their actions dynamically regulated according to flexible functions, constraints and relationships. Under role-based access control, roles can easily be created, changed and discontinued as the needs of the enterprise evolve, without updating the individual privileges of every user.

RBAC has design patterns that provide security while allowing employees to access the information that is needed for, and relevant to, their jobs. The patterns are as follows:

  • Composite Pattern – this pattern is used when roles are context-aware and the context of the user role is hierarchically structured. It should be understood that this pattern does not merely refer to groups of users; these are not related to the roles, because they are related to the model of users. The Composite pattern provides a uniform interface to the role parameters, which are represented by various types. An example of this pattern is the organizational unit of a faculty and its departments, wherein the faculty is the composite and the departments are its leaves.
  • Proxy Pattern – this pattern originates from the Proxy design pattern, which aims to provide a representative or surrogate for an object in order to control access to it.

Role-based access control was designed to prevent such situations from arising. It also takes some of the privileges that are associated with each role in a particular company and maps them directly onto the systems that are used for accessing IT resources. Role-based access control has rules that must be followed for more successful access:

  • A person should be assigned a certain role so that a certain action, such as a transaction, can be conducted.
  • The user needs role authorization, which should be granted so that the user can hold the role.
  • Transaction authorization permits the user to perform transactions. The transactions must be permitted for all members of the role. Users are not allowed to perform transactions unless they are authorized.
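The three rules above, combined with the faculty/department Composite example, can be sketched as follows. This is an added example, not code from the original article; the class names, users, roles and permissions are constructed, and the assumption that a role held on a faculty also covers its departments is this example's own reading of the Composite pattern.

```python
from dataclasses import dataclass, field

@dataclass
class OrgUnit:
    """Composite node: a faculty is the composite, departments are its leaves."""
    name: str
    children: list = field(default_factory=list)

    def covers(self, target):
        # Uniform interface: the same call works on a composite and on a leaf.
        return target == self.name or any(c.covers(target) for c in self.children)

class RBAC:
    def __init__(self):
        self.role_perms = {}   # role -> set of permitted transactions
        self.authorized = {}   # user -> roles the user may hold
        self.active = {}       # user -> list of (role, OrgUnit) assignments

    def define_role(self, role, perms):
        self.role_perms[role] = set(perms)

    def authorize(self, user, role):
        self.authorized.setdefault(user, set()).add(role)

    def assign(self, user, role, unit):
        # Role authorization: a user can only hold a role they are authorized for.
        if role not in self.authorized.get(user, set()):
            raise PermissionError(f"{user} is not authorized for role {role}")
        self.active.setdefault(user, []).append((role, unit))

    def check(self, user, transaction, unit_name):
        # Role assignment: a user with no assigned role can do nothing.
        # Transaction authorization: a held role must permit the transaction.
        held = self.active.get(user, [])
        return any(transaction in self.role_perms.get(r, set()) and u.covers(unit_name)
                   for r, u in held)

def demo():
    # Constructed sample data (hypothetical users, roles and units).
    maths, physics = OrgUnit("maths"), OrgUnit("physics")
    science = OrgUnit("science", [maths, physics])
    rbac = RBAC()
    rbac.define_role("dean", {"view_grades", "modify_grades"})
    rbac.define_role("tutor", {"view_grades"})
    rbac.authorize("alice", "dean")
    rbac.authorize("bob", "tutor")
    rbac.assign("alice", "dean", science)
    rbac.assign("bob", "tutor", maths)
    return rbac
```

Redefining a role with `define_role` changes what every holder of that role can do, without touching any per-user record.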

Role-based access control is implemented to make sure that access to all data is performed securely by authorized users. It differs from other access control methods in that it assigns users to specific roles, and permissions are granted to each role. Users can be allotted specific roles so that day-to-day tasks can be conducted.

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related.
