Role-based access control (RBAC) or role-based security refers to an approach for restricting system access based on a user's role within an organization. Users are allowed access to only the level of permissions or information necessary to perform their jobs.
Rather than assigning multiple credentials for each job a user must accomplish, RBAC allows a single set of credentials to be authorized to complete multiple jobs that require varying capabilities.
Access within RBAC can be based on factors such as authority or job responsibilities and can be limited to view-only permissions or the ability to create and edit data.
Implementing RBAC is an effective way to protect sensitive data from unauthorized users and is a much more flexible and efficient method than providing individual access privileges through an access-control list (ACL).
Benefits of Role-based Access Control
RBAC has been accepted by many as a best-practice model due to its various advantages, including:
Increased efficiency
RBAC alleviates the need for manual modifications and individual permission requests, reducing the amount of work and the error rate.
Flexibility
Changes to the organizational structure or permissions can be quickly processed.
Transparency
Roles have clear, comprehensive names to promote transparency among users.
RBAC allows you to designate whether individual users are administrators or end-users and gives you the ability to assign or reassign roles to a group of users that all share the same capabilities. You can also add or remove members to or from a group.
When a group is first created, it's typically given a name that denotes the type of roles associated with the users within the group (such as "Admins"). As users are assigned to that group, they are granted those roles and capabilities. If a user is removed from the group, access to those roles will be restricted.
In RBAC, users can be assigned to multiple groups. For example, if an employee is assigned to a work project that requires temporary access to data, they can be added to a group with the roles needed for that project and then be removed after the work is complete.
Administrator Role
An individual in the administrator role is responsible for managing user permissions, user accounts, and access to keys within the organization. An Admin has authority to edit role permissions; add, delete, and edit user accounts; update user passwords; access shared keys and secret keys; and generate new keys as needed.
Functions of an Admin
Manage User Permissions
• Edit permissions.
• Ensure that users have appropriate access.
User Account Management
• Add new users to the system and assign them appropriate roles and permissions.
• Delete user accounts of employees who have left the organization.
• Edit user account details such as name, email, and contact information.
Password Management
• Update user passwords regularly and enforce password security policies.
• Assist users in resetting their passwords or recovering their accounts, if needed.
Key Access and Generation
• View applications.
• Access shared keys and secret keys.
• Generate new keys as needed for different applications.
Developer Role
An individual in the Developer role is responsible for managing their own account information, accessing applications, utilizing the watchlist feature to favorite items, accessing, deleting, and generating shared and secret keys, and testing APIs using Postman.
Functions of a Developer
Account Management
• Manage their own account information, including personal details and contact information.
• Update account preferences and settings as needed.
Application Access
• Access and utilize applications.
• Ensure proper authentication and authorization mechanisms are in place for secure access.
Watchlist Management
• Utilize the watchlist feature to favorite items, such as Application Programming Interfaces (APIs), Software Development Kits (SDKs), or trainings.
• Utilize the watchlist to communicate interest to their Candescent representative.
Key Management
• Access shared and secret keys necessary for application development.
• Delete unused or outdated keys to maintain security and prevent unauthorized access.
• Generate new keys.
API Testing with Postman
• Utilize Postman to test APIs and ensure proper functionality and integration.
Spectator Role
An individual in the spectator role is a general member with the ability to view API information and request to learn more about the options to build applications.
Functions of a Spectator
Account Management
• Manage their own account information, including personal details and contact information.
• Update account preferences and settings as needed.
Watchlist Management
• Utilize the watchlist feature to favorite items, such as APIs, SDKs, or trainings.
• Utilize the watchlist to communicate interest to their Candescent representative.
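The group and role mechanics described earlier on this page (users belong to groups, groups carry roles, a user can sit in several groups, and temporary project access is granted and revoked by group membership) and the Admin, Developer and Spectator role definitions above are modelled together in the following added example. It is illustrative code written for this page, not Candescent's implementation. The permission strings are assumptions named after the functions listed for each role, and the user names and the group name "Project-X-Devs" are constructed.

```python
"""Minimal RBAC model: users -> groups -> roles -> permissions (illustrative, not Candescent's code)."""
from __future__ import annotations

from dataclasses import dataclass, field

# Role -> permission mapping, following the Admin / Developer / Spectator sections above.
# Permission names are assumptions chosen for this example.
ROLE_PERMISSIONS: dict[str, frozenset[str]] = {
    "admin": frozenset({
        "edit_role_permissions", "add_user", "delete_user", "edit_user",
        "update_user_password", "view_applications",
        "access_shared_keys", "access_secret_keys", "generate_keys",
    }),
    "developer": frozenset({
        "manage_own_account", "access_applications", "manage_watchlist",
        "access_shared_keys", "access_secret_keys", "delete_keys",
        "generate_keys", "test_apis",
    }),
    "spectator": frozenset({
        "manage_own_account", "view_api_info", "manage_watchlist",
    }),
}


@dataclass
class Rbac:
    """Groups carry roles and users carry group memberships; nothing is granted per user."""
    groups: dict[str, set[str]] = field(default_factory=dict)   # group name -> roles
    members: dict[str, set[str]] = field(default_factory=dict)  # user -> groups

    def create_group(self, group: str, roles: set[str]) -> None:
        # Refuse roles that have no permission definition, so a typo cannot create an empty grant.
        unknown = set(roles) - set(ROLE_PERMISSIONS)
        if unknown:
            raise ValueError(f"unknown roles: {sorted(unknown)}")
        self.groups[group] = set(roles)

    def add_member(self, user: str, group: str) -> None:
        if group not in self.groups:
            raise KeyError(group)
        self.members.setdefault(user, set()).add(group)

    def remove_member(self, user: str, group: str) -> None:
        # Removing the membership is what revokes the roles the group carried.
        self.members.get(user, set()).discard(group)

    def roles_of(self, user: str) -> set[str]:
        return set().union(*(self.groups[g] for g in self.members.get(user, ())))

    def permissions_of(self, user: str) -> frozenset[str]:
        # Effective permissions are the union over every role held through any group.
        perms: set[str] = set()
        for role in self.roles_of(user):
            perms |= ROLE_PERMISSIONS[role]
        return frozenset(perms)

    def check(self, user: str, permission: str) -> bool:
        return permission in self.permissions_of(user)


def temporary_project_access_demo() -> dict[str, bool]:
    """Walk through the temporary-project-access scenario from the text (constructed data)."""
    rbac = Rbac()
    rbac.create_group("Admins", {"admin"})
    rbac.create_group("Spectators", {"spectator"})
    rbac.create_group("Project-X-Devs", {"developer"})  # constructed project group
    rbac.add_member("alice", "Admins")
    rbac.add_member("bob", "Spectators")

    result: dict[str, bool] = {}
    result["bob_keys_before"] = rbac.check("bob", "generate_keys")          # False
    rbac.add_member("bob", "Project-X-Devs")                               # project starts
    result["bob_keys_during"] = rbac.check("bob", "generate_keys")          # True
    result["bob_still_spectator"] = "spectator" in rbac.roles_of("bob")     # True
    rbac.remove_member("bob", "Project-X-Devs")                            # project ends
    result["bob_keys_after"] = rbac.check("bob", "generate_keys")           # False
    result["bob_cannot_edit_roles"] = rbac.check("bob", "edit_role_permissions")  # False
    result["alice_edits_roles"] = rbac.check("alice", "edit_role_permissions")    # True
    return result


if __name__ == "__main__":
    for name, value in temporary_project_access_demo().items():
        print(f"{name}: {value}")
```

The point of keeping all grants on groups rather than on users is visible in `temporary_project_access_demo`: bob never receives `generate_keys` directly, so removing him from "Project-X-Devs" is the only step needed to revoke it, and his spectator access is unaffected throughout. `create_group` rejects undefined role names so that a misspelled role cannot silently produce a group that grants nothing or, worse, is later corrected to grant more than intended.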