Role Based Access Control

  • Written by Admin
  • Feb 09, 2026

Role Based Access Control (RBAC) is a method of granting system permissions by assigning users to roles with predefined access. In HR, this controls who can view or edit employee records, payroll data and recruitment files.

What is Role Based Access Control

RBAC groups access rights into roles shaped by job functions. Instead of giving permissions to individuals, HR assigns roles such as recruiter, payroll clerk or manager. This reduces errors and simplifies onboarding and offboarding.

How does it work

Administrators create roles, map permissions to them and assign users to roles. The model supports least privilege and can include role hierarchies so senior roles inherit lower-level permissions. Regular access reviews ensure compliance.

Practical usage in HR

RBAC is used to protect sensitive HR data, limit payroll editing, and control recruitment workflows. It supports audits and reduces the risk of unauthorized changes.

  • Recruiter role can view candidate pipelines but not payroll
  • Payroll clerks can edit salary fields but not performance reviews
  • Managers can approve time off but not change payroll bank details
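
The model described above, as an added example that is not part of the original page: roles map to permissions, a senior role inherits from lower-level roles, every check is default deny, and an access review flags users whose combined roles break a segregation-of-duties rule. The role names follow the list above; the permission strings, the users, the hr_director role and the conflict pair are assumptions made for illustration.

```python
# Added example. Role names follow the page; permission strings, users,
# the "hr_director" role and the SoD pair are constructed for illustration.
ROLE_PERMISSIONS = {
    "recruiter": {"candidates:view"},
    "payroll_clerk": {"salary:edit"},
    "manager": {"timeoff:approve"},
    "hr_director": set(),  # hypothetical senior role: holds only inherited rights
}
ROLE_PARENTS = {"hr_director": {"manager", "recruiter"}}  # senior -> inherited roles
USER_ROLES = {
    "alice": {"recruiter"},
    "bob": {"payroll_clerk"},
    "carol": {"hr_director"},
    "dave": {"manager", "payroll_clerk"},  # two roles on one account
}
SOD_CONFLICTS = [("timeoff:approve", "salary:edit")]  # assumed policy


def effective_permissions(role, seen=None):
    """Permissions of a role plus everything inherited through the hierarchy."""
    seen = set() if seen is None else seen
    if role in seen or role not in ROLE_PERMISSIONS:
        return set()  # cycle in the hierarchy or unknown role: grant nothing
    seen.add(role)
    perms = set(ROLE_PERMISSIONS[role])
    for parent in ROLE_PARENTS.get(role, ()):
        perms |= effective_permissions(parent, seen)
    return perms


def user_permissions(user):
    """Union of the effective permissions of every role assigned to the user."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= effective_permissions(role)
    return perms


def is_allowed(user, permission):
    """Default deny: a permission is granted only through an assigned role."""
    return permission in user_permissions(user)


def access_review():
    """Return {user: [conflict pairs]} for users holding both sides of a pair."""
    findings = {}
    for user in sorted(USER_ROLES):
        perms = user_permissions(user)
        hits = [pair for pair in SOD_CONFLICTS if set(pair) <= perms]
        if hits:
            findings[user] = hits
    return findings
```

Each role here is least-privilege on its own; the review finding for dave comes only from the combination of two roles on one account, which is what a periodic access review is meant to catch.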

Related concepts

RBAC relates to identity and access management, segregation of duties, access reviews, HRIS security and single sign-on. These concepts work together to maintain compliant and efficient HR operations.