Model Role-Based Access Control (RBAC)

Roles are a widely-used approach to authorization. Also known as “role-based access control” or "RBAC", roles are an effective way to simplify authorization logic for both implementers and users.

A role is simply a way to group permissions so that they can be assigned to users. When a user is assigned to a role, the user will be granted all the permissions that the role has.

A permission specifies an action that a user can take on a resource. For example, we might say that a user in an organization has permission to read repositories.

A role’s permissions are not chosen arbitrarily. In general, a role should align with who the user is, what they want to do in the application, and perhaps even their role or title within their organization.

Almost every application has role-based access control. RBAC is so ubiquitous that Oso Cloud provides concise syntax for modeling it.

The simplest RBAC model to begin with is organization-level roles, in which users are assigned roles on the organization that they belong to. We’ve outlined this and other models for RBAC in this section.

Here are 3 resources that would be useful to have open when running through these guides:

• The Rules Workbench (opens in a new tab), a visual rules editor that you can use to model most of these patterns
• The syntax reference for Polar, our declarative configuration language that you can use to express any authorization model
• And our example application, GitCloud (opens in a new tab), a source code collaboration platform based on GitHub and GitLab