Role-Based Access Control (RBAC) – Definition
A permissions model that grants system access and editing rights based on a user's assigned role rather than individually per user.
RBAC is the technical mechanism behind tiered content governance, tenant isolation, and four-eyes approval — it turns organizational rules about who may edit or approve what into enforced system behavior. Designing roles well means resisting two opposite failure modes: too few, overly broad roles end up granting most users far more access than their actual job requires, undermining the point of having roles at all, while too many narrow, finely sliced roles become an administrative burden to maintain and a source of confusion when someone's legitimate access request doesn't cleanly map to any existing role. A workable role structure usually maps closely to a handful of actual job functions rather than being designed in the abstract.