Esteban Fuster Pozzi

Posted on • Originally published at genosdb.com

RBAC | Role-Based Access Control


RBAC stands for Role-Based Access Control, a widely used security model for managing permissions and restrictions in software systems, applications, or databases. Instead of assigning permissions directly to individual users, RBAC organizes permissions into roles, which are then assigned to users.

How RBAC Works

RBAC is based on three core concepts:

1. Roles

A role is a collection of permissions that defines what a user can do within the system. Examples:

- admin: Can perform all operations.
- editor: Can create and modify content, but not delete it.
- guest: Can only read content.

2. Permissions

Permissions are specific actions a role can perform. Common examples include:

- read: View data.
- write: Create or modify data.
- delete: Remove data.
- publish: Publish content.

3. Role Assignment

Each user in the system is assigned one or more roles, depending on their responsibilities. Examples:

- User Alice has the admin role.
- User Bob has the editor role.

Optional: Role Inheritance

In some systems, roles can inherit permissions from other roles. For example:

- The admin role inherits all permissions from editor and adds extra permissions like delete.

Practical Example

Imagine a web app with the following roles and permissions:

```javascript
const roles = {
  superadmin: { can: ["assignRole"], inherits: ["admin"] },
  admin: { can: ["delete"], inherits: ["manager"] },
  manager: { can: ["publish"], inherits: ["user"] },
  user: { can: ["write"], inherits: ["guest"] },
  guest: { can: ["read"] },
};
```


Explanation:

- superadmin: Can assign roles and inherits from admin.
- admin: Can delete content and inherits from manager.
- manager: Can publish content and inherits from user.
- user: Can write content and inherits from guest.
- guest: Can only read content.

Example in Use:

If a user with the user role tries to perform delete, access will be denied because user doesn’t have that permission.
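The check described above, as an added example that is not part of the original post or of the GenosDB code base: a deny-by-default resolver that walks the `inherits` chain of the role table, guards against cycles in a misconfigured table, and supports users holding more than one role. The function names `resolvePermissions`, `can` and `userCan` are assumptions for this illustration.

```javascript
// Role table from the post: each role lists its own permissions and the
// roles it inherits from.
const roles = {
  superadmin: { can: ["assignRole"], inherits: ["admin"] },
  admin: { can: ["delete"], inherits: ["manager"] },
  manager: { can: ["publish"], inherits: ["user"] },
  user: { can: ["write"], inherits: ["guest"] },
  guest: { can: ["read"] },
};

// Collect every permission a role holds, directly or through inheritance.
// `seen` prevents infinite recursion if the table accidentally contains a
// cycle (a inherits b, b inherits a) or a diamond (two parents share an ancestor).
// An unknown role resolves to an empty set, so it is denied everything.
function resolvePermissions(table, roleName, seen = new Set()) {
  const role = table[roleName];
  if (!role || seen.has(roleName)) return new Set();
  seen.add(roleName);
  const perms = new Set(role.can || []);
  for (const parent of role.inherits || []) {
    for (const p of resolvePermissions(table, parent, seen)) perms.add(p);
  }
  return perms;
}

// Deny by default: true only if the role or one of its ancestors grants the action.
function can(table, roleName, action) {
  return resolvePermissions(table, roleName).has(action);
}

// A user may hold several roles; the action is allowed if any of them grants it.
function userCan(table, userRoles, action) {
  return userRoles.some((r) => can(table, r, action));
}

// Walkthrough of the post's scenario: a `user` attempting `delete` is denied,
// while `admin` may `read` because it inherits guest through manager and user.
console.log("user can delete?", can(roles, "user", "delete")); // false
console.log("admin can read?", can(roles, "admin", "read")); // true
console.log("manager permissions:", [...resolvePermissions(roles, "manager")]);
```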

Advantages of RBAC


1. Simplified Permission Management

You manage permissions at the role level instead of individually per user, which is ideal for systems with many users.

2. Scalability

As your user base grows, you only need to assign roles; there is no need for manual permission handling per user.

3. Consistency

Users with similar responsibilities receive the same permissions, reducing configuration errors.

4. Enhanced Security

Restricting actions to specific roles minimizes the risk of unauthorized access or accidental changes.

5. Flexibility

You can customize roles and permissions to match the specific needs of your application.

Common Use Cases

- Web Applications: Control who can access pages or perform specific actions (e.g., edit a post, delete a comment).
- Databases: Restrict access to tables or records based on user roles.
- Blockchain & Metamask: In your project, RBAC integrates with WebAuthn for authentication, assigning roles to blockchain addresses and checking permissions before critical operations.
- Enterprises: Used to manage access to internal resources like file systems, collaboration tools, and enterprise apps.

RBAC vs. Other Access Control Models

| Model | Description |
| --- | --- |
| RBAC (Role-Based) | Permissions are assigned to roles; roles are assigned to users. |
| ABAC (Attribute-Based) | Permissions are granted based on user, resource, or environment attributes. |
| DAC (Discretionary Access Control) | Resource owners decide who can access their resources. |
| MAC (Mandatory Access Control) | The system enforces strict security policies based on classification levels. |

RBAC is the most common due to its simplicity and flexibility.

Summary

RBAC is an efficient and scalable way to manage permissions in complex systems. In your project, RBAC enables:

- Defining role and permission hierarchies
- Assigning roles to authenticated users (e.g., via Metamask)
- Verifying permissions before executing critical operations

This approach not only strengthens security but also simplifies user and access management within the system. 🚀

---

This article is part of the official documentation of GenosDB (GDB).
GenosDB is a distributed, modular, peer-to-peer graph database built with a Zero-Trust Security Model, created by Esteban Fuster Pozzi (estebanrfp).
