May 10, 2021
Role-Based Access Control allows Osano administrators to restrict application access based on a person's role within the organization.
For example, a company has many people, each in charge of specific features. There's a customer support team that deals specifically with data subject access requests, but you don't want that group to be able to change aspects of your website's consent manager, vendor litigation or product analysis. Role-Based Access Control allows you to assign roles to individual users that limit that access.
Role-based access control lets customers manage, at a granular level, which areas of a particular system their users can access, so they can maintain compliance with various security standards. The solution is in line with the security principle "Give the fewest amount of people the least amount of access possible to do their jobs."
The National Institute of Standards and Technology proposed RBAC in 1992. Since then, it's become the standard for many large organizations, as well as government organizations. While the EU General Data Protection Regulation doesn't specifically mandate RBAC, it does call for organizations to "implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk."
Implementing RBAC should include a data inventory, defining roles (who should have access to what), an information campaign for employees on the policy, and regular audits to ensure it's working.
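The role definitions and the regular audit described above can be sketched in code. This is an added example, not Osano's implementation: the role names, area names, users and access log are hypothetical and constructed for illustration, using the feature areas from the customer support example.

```python
from collections import defaultdict

# Role definitions: "who should have access to what".
# Hypothetical area and role names, not Osano's real identifiers.
ROLES = {
    "support": {"dsar"},
    "web_admin": {"consent_manager"},
    "legal": {"vendor_litigation", "product_analysis", "dsar"},
}

# User-to-role assignments (constructed sample data).
ASSIGNMENTS = {"ana": {"support"}, "bo": {"web_admin", "legal"}, "cy": {"legal"}}

def allowed(user, area):
    """Deny by default: access exists only through an assigned role."""
    return any(area in ROLES.get(r, set()) for r in ASSIGNMENTS.get(user, set()))

def audit(access_log):
    """Compare granted access with recorded use over a review period.

    Returns (unused, denied): grants that no log entry exercised
    (candidates for removal) and attempts outside the user's roles.
    """
    used = defaultdict(set)
    denied = []
    for user, area in access_log:
        if allowed(user, area):
            used[user].add(area)
        else:
            denied.append((user, area))
    unused = {}
    for user, roles in ASSIGNMENTS.items():
        granted = set().union(*(ROLES.get(r, set()) for r in roles))
        extra = granted - used[user]
        if extra:
            unused[user] = sorted(extra)
    return unused, denied

# Constructed access log for one review period: (user, area) pairs.
SAMPLE_LOG = [
    ("ana", "dsar"),
    ("ana", "consent_manager"),
    ("bo", "consent_manager"),
    ("cy", "vendor_litigation"),
    ("cy", "product_analysis"),
]

if __name__ == "__main__":
    unused, denied = audit(SAMPLE_LOG)
    print("unused grants:", unused)
    print("denied attempts:", denied)
```

The unused grants are the audit's output to act on: a user who holds a role but never exercises part of it is a candidate for a narrower role.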
The Osano staff is a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet. Occasionally, the team writes under the pen name of our mascot, “Penny, the Privacy Pro.”