Role-based access control (RBAC) is a computer security method of regulating access to a computer system or computer network resources. RBAC restricts access to the computing resources to users that are authorized to access the resources. Individual users of the computing system or networking resources apply for specific roles, which are granted permissions to access specific resources available on the computer system or network. Roles are often defined according to the individual user's job, authority or responsibility within an organization or enterprise.
Roles within an organization are created for various job functions. Each role is granted permissions to perform certain operations on the computing system or network assigned to the particular role. RBAC security systems differ from individual user-based security systems because RBAC systems do not assign permissions directly to a user; instead, users acquire them through their assigned role. This differs from individual user-based security, which assigns users permissions on an individual object-by-object basis. Assignment and management of individual user rights can offer simplification of common operations, including adding a user or changing a user's department. Roles assigned to the user can easily be created, changed, or discontinued without having to individually update the privileges of every user of the system. Instead, when users change positions, or job requirements shift, roles may be added or modified to compensate for the new responsibilities of a user.
While RBAC security systems are advantageous under certain enterprise systems, RBAC is impractical to scale for use in large multi-tenanted or cloud-based computing systems or networks. It is not feasible to create a role for every customer or tenant of a multi-tenant system, or to manage every user's individual authorizations for each of the users' roles. It is not uncommon for multi-tenanted or cloud-based systems to manage hundreds of thousands of role assignments. Validating and managing every individual user that requests a role in the multi-tenant or cloud-based environment would require excessive amounts of resources. Therefore, a need exists for methods, computer systems and computer programming products capable of simplifying management requirements of individual users in RBAC systems.
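The contrast drawn above between per-user, object-by-object permissions and role-based permissions, and the growth in role assignments under multi-tenancy, can be made concrete with a small model. This is an added example, not part of the original text; the user, role and object names are hypothetical, and the `writes` counter is an assumed stand-in for administrative effort.

```python
from collections import defaultdict
from itertools import product
# Constructed sample data: users, roles and objects are hypothetical.
SALES = {("crm", "read"), ("crm", "write"), ("quotes", "write")}
FINANCE = {("ledger", "read"), ("ledger", "write"), ("invoices", "approve")}

class PerUserACL:
    """Individual user-based model: one grant per (user, object, operation)."""
    def __init__(self):
        self.grants, self.writes = defaultdict(set), 0  # writes = admin updates
    def grant(self, user, perms):
        self.grants[user] |= perms
        self.writes += len(perms)
    def revoke(self, user, perms):
        self.grants[user] -= perms
        self.writes += len(perms)
    def allowed(self, user, obj, op):
        return (obj, op) in self.grants.get(user, ())

class RBAC:
    """Permissions attach to roles; users acquire them only through roles."""
    def __init__(self, role_perms):
        self.role_perms = role_perms  # role -> {(object, operation)}
        self.user_roles, self.writes = defaultdict(set), 0
    def assign(self, user, role):
        self.user_roles[user].add(role)
        self.writes += 1
    def unassign(self, user, role):
        self.user_roles[user].discard(role)
        self.writes += 1
    def allowed(self, user, obj, op):
        roles = self.user_roles.get(user, ())
        return any((obj, op) in self.role_perms[r] for r in roles)

def department_change():  # move 'alice' from sales to finance in both models
    acl, rbac = PerUserACL(), RBAC({"sales": SALES, "finance": FINANCE})
    acl.grant("alice", SALES)
    rbac.assign("alice", "sales")
    acl.writes = rbac.writes = 0  # count only the updates the move needs
    acl.revoke("alice", SALES)
    acl.grant("alice", FINANCE)
    rbac.unassign("alice", "sales")
    rbac.assign("alice", "finance")
    return acl, rbac

def tenant_assignments(tenants, users_per_tenant, roles):
    rbac = RBAC({})  # each tenant gets its own copy of every role
    for t, u, r in product(range(tenants), range(users_per_tenant), roles):
        rbac.assign(f"t{t}/u{u}", f"t{t}/{r}")
    return rbac.writes
```

Both models end in the same access state after the department change, but the per-user model needs one update per permission while RBAC needs one per role; `tenant_assignments` shows how per-tenant roles multiply the assignments that must be validated and managed.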