
Welcome to Osano's Developer-Centric solutions: New APIs and iOS SDK
Osano is thrilled to unveil a new suite of features designed with...
Read NowThe simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline the DSAR workflow
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
May 10, 2021
Role-Based Access Control allows Osano administrators to restrict application access based on a person's role within the organization.
It's essential to keep your systems tight. Deciding what happens with a user's data is an important decision that should be based on training on laws and regulations, as well as the promises a company has made to customers within the privacy policy. Role-Based Access Control (RBAC) allows Osano administrators to decide who has access to which data within an organization. User access takes into consideration a multitude of factors, including authority, responsibility and job function. You can also limit access to specific product features and control the user's ability to view, create or modify those features. The aim is to keep data secure and allow users to focus on relevant tasks while restricting access to functions outside their access level.
An example might be: A company has many people all in charge of specific features within it. There's a customer support team that deals specifically with data subject access requests. But you don't want that group to have access to changing aspects of your website's consent manager, vendor litigation or product analysis. Role-Based Access Control allows you to assign roles to individual users that limit that access.
Role-based access control gives customers the ability to manage which areas of a particular system their users can access at a granular level to maintain compliance with various security standards. The solution is in line with the security principle "Give the fewest amount of people the least amount of access possible to do their jobs."
The National Institute for Standards and Technology proposed RBAC in 1992. Since then, it's become the standard for many large organizations, as well as government organizations. While the EU General Data Protection Regulation doesn't specifically mandate RBAC, it does call for organizations to "implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk."
Implementing RBAC should include a data inventory, defining roles (who should have access to what), an information-campaign for employees on the policy and regular audits to ensure it's working.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
The Osano staff is a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet. Occasionally, the team writes under the pen name of our mascot, “Penny, the Privacy Pro.”
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.