Role-Based Access Control (RBAC) is a popular model for access control in large organizations because it scales well and is a good fit for the access control needs of many of them. RBAC is not the only access control model, but it is a very popular one.
In this video we walk through the main concepts of RBAC, which are capabilities, permissions, roles, and users. We also discuss the relationships between these concepts, for example the fact that users can play multiple roles.
Last but not least, we point out some alternatives, such as Access Control Lists (ACLs) and Attribute-Based Access Control (ABAC).
Slides online: https://dret.net/lectures/getting-apis-to-work-2021/rbac
0:00 Role-Based Access Control (RBAC) Introduction
0:41 RBAC Model: Capability
0:57 RBAC Model: Permission
1:45 RBAC Model: Role
2:25 RBAC Model: User
3:38 RBAC Relationships: User
3:47 RBAC Relationships: Role
4:18 RBAC Relationships: Permission
5:00 RBAC Relationships: Capability
5:49 Enterprise-level Access Control