Role Based Access Control

With our solutions in RBAC you create a secure and centralized authorization assignment.

We will successfully implement your project – we promise.

Do you have a handle on employee eligibility?

With role-based access control, access authorizations are aggregated into roles. These are assigned to the employee accounts on the basis of unique identity attributes. For example, an employee in the “HR” department receives the corresponding “HR” role and thus implicitly all relevant authorizations for his or her activities.

For the comprehensible creation of roles, it is necessary to clean up and categorize all existing access authorizations. Depending on the state of the data, this can involve a greater effort.

The RBAC model cannot replace all individual authorizations. However, it can help to create transparency in the company’s authorization concept.

The entry process can be simplified considerably by the RBAC model. Even the change of department within the company can be handled easily. In addition, the roles can be continuously controlled by the HR department or the responsible person from the line. This ensures that incorrect mutations are noticed and corrected immediately.

How does the creation of an RBAC work?

Role-based access control is based on a three-tier structure of users, roles and groups. In role mining, organizations define roles, which are usually based on the organizational structure of the company. Each employee is then assigned one or more roles, which in turn comprise one or more access authorizations. One or more groups are also linked to a role, which are not necessarily the same as it.

In most cases, the pyramid approach is suitable for creating a role concept:

The top: permissions for all employees
  • At the top, those permissions are defined that every employee in the organization needs. These classically include access to the intranet, the office suite, the e-mail client, the shared network directory or logging in via Active Directory.
The second level: department affiliation
  • In an organization, employees in one department perform activities in a similar area. For example, the finance department needs access to the ERP system and to the departmental drive, while the HR department needs access to all employee data. The corresponding permissions are assigned to all employees of a department.
The third level: functions
  • Depending on the function of the employees and the associated tasks, further authorizations are defined.

RBAC Benefit

Tray rollers

A large number of (technical) individual authorizations can be combined into specialist roles.

Less administration

Reduced administrative work as fewer rules need to be maintained and changed in IdM.

Helpdesk requests

Fewer calls to the help desk.


IAM systems offer a wide range of reporting options. This means that you are always informed about which process is at a standstill, which accounts are orphaned, and which of your policies are in danger.

Reduced risk of abuse

Reduce the risk of misuse.


The verifiability of the execution of tasks in the user's life cycle.

Your added value

Fast, and simply genzenlos compatible

Time saving

Instead of having to manually assign and / or revoke new authorizations to your employees, this is calculated automatically thanks to RBAC (in combination with an IAM system).


With the help of RBAC, you can track which employee has been given which roles at which time and for what reason (possibly approved by whom).


With RBAC, you always know which employee has which authorizations assigned.


The added value for digitized companies

The way is the goal!

Transparent and automatic authorization assignment

Traceability through reporting

Independent role management

Our testimonials

Learn how to manage optimal access controls and separation of functions and tasks:

Role models improve IT security

Our certifications for quality management and data protection


We will help you!

We are always at your disposal. Why not give us a call without obligation and let’s focus on user experience and security together.