Role-based access control (RBAC) is a security technique for controlling access to systems by granting a user access to certain resources or functions based on one or more roles performed by the user. That is, a user can be assigned to one or more roles, where each role can be associated with one or more system permissions. For example, a software tester can be assigned a tester role whose set of permissions allows the software tester to install or modify software on a workstation, but cannot include permissions to access a human resources (HR) database containing confidential data about other employees. In another example, an HR representative can be assigned an HR role whose set of permissions allows the HR representative to access an HR database, but cannot include permissions to install or modify software on a workstation.
By using roles to perform access control, access control management can be simplified and implemented more efficiently. For example, when granting permissions to a new user, an RBAC administrator can assign the new user to one or more roles that the user is expected to perform, without having to select or even know all of the permissions required to perform each assigned role. Moreover, if the user changes roles, the RBAC administrator can reassign the user to new roles and can remove or unassign the user from unnecessary roles.
Data centers typically involve numerous elements, e.g., servers, switches, storage devices, network management systems, and other equipment. Traditionally, each data center element is configured with an element manager. For example, each element manager can provide or enforce access control capabilities for a particular element, thereby requiring each element to be managed and configured independently with regard to RBAC. However, using numerous element managers to implement RBAC is tedious, inefficient, and can increase implementation errors.
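The following is an added example, not part of the original text, showing how independently managed element configurations drift apart and how an audit can detect it. The element names, users, and permission strings are constructed for illustration; the tester and HR roles follow the examples above.

```python
from collections import defaultdict

# Constructed sample: each element manager holds its own copy of the RBAC data.
ELEMENTS = {
    "server-01": {
        "roles": {"tester": {"software.install", "software.modify"},
                  "hr": {"hr_db.read"}},
        "users": {"alice": {"tester"}, "bob": {"hr"}},
    },
    "switch-01": {
        "roles": {"tester": {"software.install", "software.modify"},
                  "hr": {"hr_db.read"}},
        # alice changed from hr to tester, but the old role was never removed here
        "users": {"alice": {"tester", "hr"}, "bob": {"hr"}},
    },
    "storage-01": {
        # the tester role was edited by hand on this element only
        "roles": {"tester": {"software.install", "software.modify", "hr_db.read"},
                  "hr": {"hr_db.read"}},
        "users": {"alice": {"tester"}, "bob": {"hr"}},
    },
}

def effective_permissions(config, user):
    """Union of the permissions of every role assigned to the user."""
    perms = set()
    for role in config["users"].get(user, set()):
        perms |= config["roles"].get(role, set())
    return perms

def find_drift(elements):
    """Report roles and user assignments that differ between element managers."""
    role_defs, user_roles = defaultdict(dict), defaultdict(dict)
    for name, cfg in elements.items():
        for role, perms in cfg["roles"].items():
            role_defs[role][name] = frozenset(perms)
        for user, roles in cfg["users"].items():
            user_roles[user][name] = frozenset(roles)
    findings = []
    for kind, table in (("role", role_defs), ("user", user_roles)):
        for key, per_element in sorted(table.items()):
            # Drift: differing values, or an entry missing from some element.
            if len(set(per_element.values())) > 1 or len(per_element) < len(elements):
                findings.append((kind, key))
    return findings

if __name__ == "__main__":
    for kind, key in find_drift(ELEMENTS):
        print(f"drift in {kind} {key!r}")
```

On two of the three elements, the tester `alice` ends up with `hr_db.read`: once through a stale role assignment and once through a locally edited role definition.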