Question

Let's say you are a small business owner that provides business-to-business software-as-a-service to non-profit organizations. Your product allows non-profits to create, manage, and market products to potential donors. Your application contains several different modules, two of which are: (i) a gift shop point of sale (POS) module that enables non-profits to effectively create pop-up t-shirt shops and manage their sales, and (ii) a marketing module that allows non-profits to create and distribute newsletters to their donors. Can you explain role-based access control (RBAC) with this example or any other example as an illustration?

Answer #1

Solution

Without role-based access control (RBAC), every non-profit's employees and volunteers will have access to all features of the application. That is not ideal, particularly since one of them is an animal rescue that has a variety of volunteers with knowledge of only the area in which they volunteer.

Alternatively, we can implement RBAC and create some permissions that users in the gift shop POS (point of sale) module would require:

  • read:catalog-item
  • read:customer-profile
  • create:invoice

To make this easier to manage, we need to create a role called “Gift Shop Manager” and add the permissions to the role.

In the same way, we need to create permissions for users in the marketing module, including:

  • create:newsletter
  • edit:newsletter
  • delete:newsletter
  • send:newsletter
  • edit:distribution-list

We need to create a role called “Newsletter Admin” and add the permissions to it as well.

Now, when your animal rescue brings in their volunteer, Astrid, to run their pop-up t-shirt shop, Astrid is assigned the role of “Gift Shop Manager”.

When we assign the role to Astrid, she is granted all the permissions that you assigned to the role.

Astrid knows nothing about publishing newsletters.

We never assigned her the “Newsletter Admin” role, therefore she never has access to the marketing module.

By using RBAC, we can avoid building and maintaining separate authorisation systems. On the other hand, we can use the token we have already received during authorisation. We can easily remove the “Gift Shop Manager” role from her and assign a new role.

Maintaining roles and permissions for all of the customers becomes too unwieldy; we can use RBAC to create a module within our product which allows customers to manage their own RBAC, thereby reducing liability and cutting staffing costs.

---

all the best
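
The role and permission model described in the answer above, as an added Python example that is not part of the original answer. The `RoleStore` class, the tenant names and the two guarded operations are hypothetical; scoping role assignments per tenant is an assumption added here because the product serves several non-profits.

```python
from dataclasses import dataclass, field

# Role -> permissions, using the role and permission names from the answer above.
ROLES = {
    "Gift Shop Manager": frozenset(
        {"read:catalog-item", "read:customer-profile", "create:invoice"}),
    "Newsletter Admin": frozenset(
        {"create:newsletter", "edit:newsletter", "delete:newsletter",
         "send:newsletter", "edit:distribution-list"}),
}

class AccessDenied(Exception):
    """Raised when a user lacks the permission an operation requires."""

@dataclass
class RoleStore:
    # (tenant, user) -> role names. Scoping by tenant is an assumption of this
    # example: each non-profit's assignments must not leak to another customer.
    assignments: dict = field(default_factory=dict)

    def assign(self, tenant, user, role):
        if role not in ROLES:  # reject typos instead of creating empty roles
            raise ValueError(f"unknown role: {role!r}")
        self.assignments.setdefault((tenant, user), set()).add(role)

    def revoke(self, tenant, user, role):
        self.assignments.get((tenant, user), set()).discard(role)

    def is_allowed(self, tenant, user, permission):
        # Deny by default: only a permission reached through a role passes.
        roles = self.assignments.get((tenant, user), ())
        return any(permission in ROLES[r] for r in roles)

    def require(self, tenant, user, permission):
        if not self.is_allowed(tenant, user, permission):
            raise AccessDenied(f"{user}@{tenant} lacks {permission}")

def create_invoice(store, tenant, user, item):
    """POS operation (hypothetical): checks the permission, not the role name."""
    store.require(tenant, user, "create:invoice")
    return {"tenant": tenant, "sold_by": user, "item": item}

def send_newsletter(store, tenant, user, subject):
    """Marketing operation (hypothetical), guarded the same way."""
    store.require(tenant, user, "send:newsletter")
    return {"tenant": tenant, "sent_by": user, "subject": subject}
```

Checking permissions instead of role names inside each operation means a role can be redefined or swapped without touching the module code.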
