# RBAC | Role-Based Access Control

---
**RBAC** stands for **Role-Based Access Control**, a widely used security model for managing permissions and restrictions in software systems, applications, or databases. Instead of assigning permissions directly to individual users, RBAC organizes permissions into **roles**, which are then assigned to users.
## How RBAC Works
RBAC is based on three core concepts:**1. Roles**A role is a collection of permissions that defines what a user can do within the system. Examples:- admin: Can perform all operations.- editor: Can create and modify content, but not delete it.- guest: Can only read content.**2. Permissions**Permissions are specific actions a role can perform. Common examples include:- read: View data.- write: Create or modify data.- delete: Remove data.- publish: Publish content.**3. Role Assignment**Each user in the system is assigned one or more roles, depending on their responsibilities. Examples:- User **Alice** has the admin role.- User **Bob** has the editor role.**Optional: Role Inheritance**In some systems, roles can inherit permissions from other roles. For example:- The admin role inherits all permissions from editor and adds extra permissions like delete.
![](https://cdn-images-1.medium.com/max/800/0*opxTP-JGeRLfd3hF)

## Practical Example
Imagine a web app with the following roles and permissions:
```
const roles = {  superadmin: { can: ["assignRole"], inherits: ["admin"] },  admin: { can: ["delete"], inherits: ["manager"] },  manager: { can: ["publish"], inherits: ["user"] },  user: { can: ["write"], inherits: ["guest"] },  guest: { can: ["read"] },};
```

![](https://cdn-images-1.medium.com/max/800/0*YRkPu9guexvYwrM3.png)
**Explanation:**- superadmin: Can assign roles and inherits from admin.- admin: Can delete content and inherits from manager.- manager: Can publish content and inherits from user.- user: Can write content and inherits from guest.- guest: Can only read content.**Example in Use:**If a user with the user role tries to perform delete, access will be denied because user doesn’t have that permission.
## Advantages of RBAC

![](https://cdn-images-1.medium.com/max/800/0*kkSpppZ7U3jAEJWI.jpg)
**1. Simplified Permission Management**You manage permissions at the role level instead of individually per user — ideal for systems with many users.**2. Scalability**As your user base grows, you only need to assign roles — no need for manual permission handling per user.**3. Consistency**Users with similar responsibilities receive the same permissions, reducing configuration errors.**4. Enhanced Security**Restricting actions to specific roles minimizes the risk of unauthorized access or accidental changes.**5. Flexibility**You can customize roles and permissions to match the specific needs of your application.
## Common Use Cases
- **Web Applications**: Control who can access pages or perform specific actions (e.g., edit a post, delete a comment).- **Databases**: Restrict access to tables or records based on user roles.- **Blockchain & Metamask**: In your project, RBAC integrates with WebAuthn for authentication, assigning roles to blockchain addresses and checking permissions before critical operations.- **Enterprises**: Used to manage access to internal resources like file systems, collaboration tools, and enterprise apps.
## RBAC vs. Other Access Control Models
**Model****Description****RBAC (Role-Based)**Permissions are assigned to roles; roles are assigned to users.**ABAC (Attribute-Based)**Permissions are granted based on user, resource, or environment attributes.**DAC (Discretionary Access Control)**Resource owners decide who can access their resources.**MAC (Mandatory Access Control)**The system enforces strict security policies based on classification levels.**RBAC** is the most common due to its **simplicity and flexibility**.
## Summary
RBAC is an efficient and scalable way to manage permissions in complex systems. In your project, RBAC enables:- Defining role and permission hierarchies- Assigning roles to authenticated users (e.g., via Metamask)- Verifying permissions before executing critical operationsThis approach not only strengthens security but also simplifies user and access management within the system. 🚀
---

>

---

> **This article is part of the official documentation of GenosDB (GDB).**
> GenosDB is a distributed, modular, peer-to-peer graph database built with a Zero-Trust Security Model, created by **Esteban Fuster Pozzi ([estebanrfp](https://github.com/estebanrfp))**.

📄 [Whitepaper](https://github.com/estebanrfp/gdb/blob/main/WHITEPAPER.md) | overview of GenosDB design and architecture

🛠 [Roadmap](https://github.com/estebanrfp/gdb/blob/main/ROADMAP.md) | planned features and future updates

💡 [Examples](https://github.com/estebanrfp/gdb/blob/main/docs/genosdb-examples.md) | code snippets and usage demos

📖 [Documentation](https://github.com/estebanrfp/gdb/blob/main/docs/index.md) | full reference guide

🔍 [API Reference](https://github.com/estebanrfp/gdb/blob/main/docs/genosdb-api-reference.md) | detailed API methods

📚 [Wiki](https://github.com/estebanrfp/gdb/wiki) | additional notes and guides

💬 [GitHub Discussions](https://github.com/estebanrfp/gdb/discussions) | community questions and feedback

🗂 [Repository](https://github.com/estebanrfp/gdb) | Minified production-ready files

📦 [Install via npm](https://www.npmjs.com/package/genosdb) | quick setup instructions

🌐 [Website](https://estebanrfp.com/) | [GitHub](https://github.com/estebanrfp) | [LinkedIn](https://www.linkedin.com/in/estebanrfp/)
