Role-Based Access Control

RBAC
access

Access control method that assigns permissions to roles rather than individual users.

What is Role-Based Access Control?

RBAC simplifies access management by grouping permissions into roles that align with job functions. Users are assigned to roles, and roles determine what they can access. This is more manageable than user-level permissions and provides clearer audit trails. When someone changes jobs, you change their role assignment rather than dozens of individual permissions.

In Microsoft 365

Azure AD provides built-in administrative roles (Global Administrator, User Administrator, etc.) and supports custom roles for granular permissions. Azure RBAC extends this to Azure resource management. Microsoft 365 workloads have their own role systems (Exchange admin roles, SharePoint admin roles).

Examples

  • 1Assigning Helpdesk Administrator role for password reset capabilities
  • 2Custom role for Teams channel management
  • 3Azure Owner role for subscription management

Related TrueConfig Controls

These controls help implement and verify role-based access control in your Microsoft 365 environment.

PA-01Limit Global Administrators to 2-4PA-02Use Dedicated Admin AccountsGOV-07Audit Privileged Role Assignments

Frequently Asked Questions

What is Role-Based Access Control (RBAC)?
Access control method that assigns permissions to roles rather than individual users.
How does Role-Based Access Control work in Microsoft 365?
Azure AD provides built-in administrative roles (Global Administrator, User Administrator, etc.) and supports custom roles for granular permissions. Azure RBAC extends this to Azure resource management. Microsoft 365 workloads have their own role systems (Exchange admin roles, SharePoint admin roles).
What are examples of Role-Based Access Control?
Examples of Role-Based Access Control include: Assigning Helpdesk Administrator role for password reset capabilities, Custom role for Teams channel management, Azure Owner role for subscription management.
Which TrueConfig controls relate to Role-Based Access Control?
TrueConfig controls related to Role-Based Access Control include: PA-01, PA-02, GOV-07. These controls help implement and verify role-based access control in your environment.

Related Terms

Least Privilege

Security principle that grants users only the minimum access rights necessary to perform their job functions.

← Back to GlossaryBrowse Controls →