2 mins read

Role-Based Access Control (RBAC) for SaaS Platforms

Cloudentity enables organizations to define user roles and use them as a part of the role-based access control.

Implementing Role-Based Access Control (RBAC) for Enhanced System Security and Efficient User Management

Role-Based Access Control (RBAC), also known as role-based security, serves as a method to constrain system access. It orchestrates permissions and privileges, encapsulating them within a defined user role, which in turn delineates the scope of accessible resources for a user.

It’s imperative for an organization to allocate a role within the RBAC framework to every employee, partner, or customer, as the role dictates the permissions system grants. Common roles, like an administrator, a manager, and a user, all possess varying permissions. In this setting, an administrator enjoys the broadest permissions, enabling actions like overseeing the organization’s B2B2C platform, managing users, and more. Conversely, a manager might have analogous permissions but lacks access to platform configuration, while a user role entails the most restrictive permissions.

RBAC and user roles

Adding RBAC to Apps

When using Identity Pools as an identity source for your users, you can define and store role-related information about the users. Cloudentity is a powerful authorization platform that allows you to protect your applications, services, and APIs.

Cloudentity authorization platform makes it easy to define authorization policies for Role-Based Access Control. You can do it either using Cloudentity policies and their visual editor or define authorization policies using REGO language.

  1. Create and configure identity pool:

    1. Create an Identity Pool.

    2. Define a role attribute and assign it to users.

  2. Configure workspace authentication context.

    To be able to include information about the user in an access token, add a new attribute to the authentication context of your workspace and map the user role (from the user metadata) to the newly created attribute.

  3. Add a token claim based on the authentication context attribute you added.

  4. Build an authorization policy in Cloudentity platform to check if particular role is assigned to the user.

  5. Assign your policy where you need RBAC, for example, to control access to client apps, restrict access to services (features), or APIs.

Updated: Sep 28, 2023