<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=229461991482875&amp;ev=PageView&amp;noscript=1">

RBAC is a widely used acronym, which stands for Role-Based Access Control. It’s an approach used for managing access and permissions relating to things such as network systems, documents and shared resources.

Users are granted permission to access different parts of the system, or to carry out different tasks, based on their assigned “Role”.

Typically, this will be used in larger organisations, with sufficient user numbers to warrant managing permissions on the basis of role, rather than individually.

Roles are assigned based on things such as seniority/authority, proximity to the system or information and area of the business.

What does RBAC look like?


A simple example of an RBAC framework, relating to a single document, could be as follows:

  • Role 1 - Administrator
  • Role 2 - Editor
  • Role 3 - Reader

As an Administrator, you would likely have the permission to read, write and save changes to the document, as well as to assign roles to other users and to invite new users.

As an Editor, you would be able to read and alter the document and as a Reader you would have permission to read the document, perhaps to suggest changes, but not to physically make any changes.

The principles of this simple framework are applicable to most areas of a business. In fact, if you work in a business of a reasonable size you’ll more than likely already be using RBAC in one form or another.

If you think about your current process for business areas such as IT, HR and Legal, there will probably be some form of RBAC in play.

Why is it useful?


Use of RBAC to manage access to documents and systems has a multitude of benefits but the main two are:

  • Simplicity. In a growing business that’s adding staff or new units, it can quickly become burdensome to manage individual permissions. Using RBAC means you can swiftly assign an appropriate role to someone based on established reasoning.
  • Data and system integrity. Ensures that only those with sufficient privileges have the ability to access/alter records within a system.

How is RBAC applied in Gatekeeper?


RBAC is a feature of our Enterprise plans and has an obvious place in managing contracts and suppliers in large companies. With a contract management system, you’re looking to:

  • Create a central repository for your contract and supplier records, to act as a single source of truth for your business. For this to be effective and accurate, you need tight controls over who can view and update records, and under what circumstances.
  • Have an auditable chain of activity for each record. It’s vital to capture who accessed the records and what changes were made, so that you can maintain compliance.
  • Store confidential information such as costs, supply-chain details and personal data. Access to this kind of information must be limited only to those with sufficient seniority and oversight.
  • Delegate responsibility for upkeep to specific departments or business units. By making heads of business units responsible for their own areas, you reduce the administrative load on central teams.

For all these scenarios, RBAC will simplify the process of collaboration by making it easy to assign access to new users at an appropriate level.

Essentially, you need only do the thinking once at the start of the process to establish what your roles should be and what their respective levels of access are. After that, you simply need to allocate a role or number of roles to each user.

RBAC is available for Gatekeeper Enterprise customers.

To reflect their comparatively smaller sizes, Starter and Pro customers benefit from individual permission controls only. Rather than scaling up to use roles as the basis for permissions, they can simply be managed at team level or ownership level.

Users can be allocated access to the full range of records or be limited just to the ones that they are responsible for.

For more information on how Gatekeeper can help you maintain control over access to your contract and supplier data, contact us today.

Ian Bryce
Ian Bryce

Ian writes on a variety of topics, bringing together his own knowledge and experience with that of industry experts.

Tags

Contract Management , Control , Vendor Management , Compliance , Contract Lifecycle Management , Contract Management Software , Visibility , Contract Lifecycle , Case Study , Vendor and Contract Lifecycle Management , Supplier Management , Vendor Management Software , Contract Risk Management , Contract Management Strategy , Contract Repository , Regulation , Risk Mitigation , Third Party Risk Management , Contract Automation , Regulatory compliance , VCLM , TPRM , Workflows , Artificial Intelligence , CLM , Contract Ownership , Contract Visibility , Contract and vendor management , Contracts , Procurement , Supplier Performance , Supplier Risk , contract renewals , Legal , Legal Ops , NetSuite , Podcast , Risk , Vendor Onboarding , Contract compliance , Financial Services , Future of Procurement , Gatekeeper Guides , Procurement Reimagined , Procurement Strategy , RFP , Supplier Relationships , Business continuity , CLM solutions , COVID-19 , Contract Managers , Contract Performance , Contract Redlining , Contract Review , Contract Risk , ESG , Metadata , Negotiation , SaaS , Supplier Management Software , Vendor Portal , Vendor risk , webinar , AI , Clause Library , Contract Administration , Contract Approvals , Contract Management Plans , Cyber health , ESG Compliance , Kanban , Market IQ , RBAC , Recession Planning , SOC Reports , Security , SuiteWorld , Sustainable Procurement , collaboration , Audit preparedness , Audit readiness , Audits , Business Case , Clause Template , Contract Breach , Contract Governance , Contract Management Audit , Contract Management Automation , Contract Monitoring , Contract Obligations , Contract Outcomes , Contract Reporting , Contract Tracking , Contract Value , DORA , Dashboards , Data Fragmentation , Digital Transformation , Due Diligence , ECCTA , Employee Portal , Excel , FCA , ISO Certification , KPIs , Legal automation , LegalTech , Mergers and Acquisitions , Obligations Management , Partnerships , Procurement Planning , Redline , Scaling Business , Spend Analysis , Standard Contractual Clauses , SuiteApp , Suppler Management Software , Touchless Contracts , Vendor Relationship Management , Vendor risk management , central repository , success hours , time-to-contract , APRA CPS 230 , APRA CPS 234 , Australia , BCP , Bill S-211 , Biotech , Breach of Contract , Brexit , Business Growth , CCPA , CMS , CPRA 2020 , CSR , Categorisation , Centralisation , Certifications , Cloud , Conferences , Confidentiality , Contract Ambiguity , Contract Analysis , Contract Approval , Contract Attributes , Contract Challenges , Contract Change Management , Contract Community , Contract Disengagement , Contract Disputes , Contract Drafting , Contract Economics , Contract Execution , Contract Intake , Contract Management Features , Contract Management Optimisation , Contract Management pain points , Contract Negotiation , Contract Obscurity , Contract Reminder Software , Contract Requests , Contract Routing , Contract Stratification , Contract Templates , Contract Termination , Contract Volatility , Contract relevance , Contract relevance review , Contracting Standards , Contracting Standards Review , Cyber security , DPW , DPW, Vendor and Contract Lifeycle Management, , Data Privacy , Data Sovereignty , Definitions , Disputes , EU , Electronic Signatures , Enterprise , Enterprise Contract Management , Financial Stability , Force Majeure , GDPR , Gatekeeper , Healthcare , ISO , IT , Implementation , Integrations , Intergrations , Key Contracts , Measurement , Microsoft Word , Modern Slavery , NDA , Operations , Parallel Approvals , Pharma , Planning , Port Agency , Pricing , RAG Status , Redlining , Redlining solutions , Requirements , SaaStock , Shipping , Spend optimzation , Startups , Supplier Cataloguing , Technology , Usability , Vendor Categorisation , Vendor Consolidation , Vendor Governance , Vendor Qualification , Vendor compliance , Vendor reporting , Voice of the CEO , automation , concentration risk , contract management processes , contract reminders , cyber risk , document automation , eSign , enterprise vendor management , esignature , post-signature , remote working , vendor centric , vendor lifecycle management

Related Content

 

subscribe to our newsletter

 

Sign up today to receive the latest GateKeeper content in your inbox.

Subscribe to Email Updates