Which technique is used to control access based on user roles?


Role-based access control (RBAC) is a method of regulating access to resources based on the roles assigned to individual users within an organization. Users are granted access rights and permissions based solely on the role they hold, which usually reflects their job function. This simplifies the administration of permissions: access for many users is managed at once by attaching permissions to roles rather than granting them to each user individually.

This systematic control helps to ensure that users have access only to the information and systems necessary for their roles, thereby enhancing security and minimizing the risk of unauthorized access. For example, a user in a finance role may have access to sensitive financial records, while a user in IT may have broader access to administrative systems. By controlling access in this way, RBAC not only streamlines user management but also supports compliance with regulatory requirements.
