Role-Based Access Control allows Osano administrators to restrict application access based on a person's role within the organization.
An example might be: A company has many people all in charge of specific features within it. There's a customer support team that deals specifically with data subject access requests. But you don't want that group to have access to changing aspects of your website's consent manager, vendor litigation or product analysis. Role-Based Access Control allows you to assign roles to individual users that limit that access.
Why does this matter?
Role-based access control gives customers the ability to manage which areas of a particular system their users can access at a granular level to maintain compliance with various security standards. The solution is in line with the security principle "Give the fewest amount of people the least amount of access possible to do their jobs."
The National Institute for Standards and Technology proposed RBAC in 1992. Since then, it's become the standard for many large organizations, as well as government organizations. While the EU General Data Protection Regulation doesn't specifically mandate RBAC, it does call for organizations to "implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk."
Implementing RBAC should include a data inventory, defining roles (who should have access to what), an information-campaign for employees on the policy and regular audits to ensure it's working.