How to Design RBAC
Rich Manfredi·Solutions Architect·3 min
Rich Manfredi outlines the key considerations for designing a well-rounded RBAC program, including the difference between birthright and ad hoc roles and how to avoid common pitfalls like over-fragmentation.
Main Takeaways
- Birthright roles are assigned based on user attributes such as employment type, department, region, or country.
- Ad hoc or requestable roles are tied more closely to job functions or business roles.
- Avoid going too fine-grained; creating one role per user defeats the purpose of RBAC.
- Programmatic role creation, using tools like Terraform, can be an exception to that rule, provided proper governance and controls are in place.
- Consistent naming conventions help end users request the right access and give audit and compliance teams confidence that access is appropriate.
- A well-designed RBAC program balances structure with flexibility, grouping users efficiently while reflecting real business needs.
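As an added illustration (not code from the article or its author), here is a small Python model of the points above: birthright roles computed from user attributes, requestable roles drawn from a job-function catalog, a naming-convention check, and a heuristic for spotting over-fragmentation. All role names, rules, sample users, and the naming pattern are assumptions made for this example.

```python
"""Added example, not code from the original article: a minimal RBAC model
that separates birthright roles (derived from user attributes) from
requestable roles (tied to job functions), with two design checks the
article calls for: a role-naming convention and an over-fragmentation test.
All role names, rules, and users below are constructed for the example."""

import re
from collections import Counter
from dataclasses import dataclass, field

# Assumed naming convention: <kind>-<scope>-<function>, lowercase, where kind is
# "br" (birthright, auto-assigned) or "rq" (requestable, goes through approval).
ROLE_NAME_RE = re.compile(r"^(br|rq)-[a-z0-9]+(-[a-z0-9]+)+$")


@dataclass(frozen=True)
class User:
    uid: str
    employment_type: str          # "employee" or "contractor"
    department: str
    region: str
    country: str
    requested_roles: frozenset = field(default_factory=frozenset)


# Birthright rules: (attribute predicate, role). Every user matching the
# predicate gets the role automatically; nothing here is requested.
BIRTHRIGHT_RULES = [
    (lambda u: u.employment_type == "employee", "br-global-employee"),
    (lambda u: u.employment_type == "contractor", "br-global-contractor"),
    (lambda u: u.region == "emea", "br-emea-baseline"),
    (lambda u: u.country == "de", "br-de-works-council"),
    (lambda u: u.department == "finance", "br-finance-dept"),
]

# Requestable role catalog: job-function roles with an approver. A requested
# role not in this catalog is never granted. "Finance-Read-All" is a legacy
# name kept here so the naming check has something to catch.
REQUESTABLE_ROLES = {
    "rq-finance-ap-clerk": {"approver": "finance-manager", "entitlements": {"erp:ap:write"}},
    "rq-finance-controller": {"approver": "cfo", "entitlements": {"erp:gl:write"}},
    "rq-eng-prod-readonly": {"approver": "sre-lead", "entitlements": {"prod:logs:read"}},
    "Finance-Read-All": {"approver": "finance-manager", "entitlements": {"erp:*:read"}},
}


def birthright_roles(user: User) -> set[str]:
    """Roles derived purely from attributes; recomputed on every attribute change."""
    return {role for predicate, role in BIRTHRIGHT_RULES if predicate(user)}


def effective_roles(user: User) -> set[str]:
    """Birthright roles plus requested roles that exist in the catalog."""
    granted = {r for r in user.requested_roles if r in REQUESTABLE_ROLES}
    return birthright_roles(user) | granted


def assignments(users) -> dict[str, set[str]]:
    return {u.uid: effective_roles(u) for u in users}


def invalid_role_names() -> list[str]:
    """Every role name in use that violates the naming convention."""
    names = {role for _, role in BIRTHRIGHT_RULES} | set(REQUESTABLE_ROLES)
    return sorted(n for n in names if not ROLE_NAME_RE.match(n))


def fragmentation_report(assignment: dict[str, set[str]], max_singleton_share: float = 0.25) -> dict:
    """Heuristic over-fragmentation check: roles held by exactly one user
    ("singletons") are the signature of one-role-per-user design. Flags the
    model when more than max_singleton_share of its roles are singletons."""
    holders = Counter(r for roles in assignment.values() for r in roles)
    singletons = sorted(r for r, n in holders.items() if n == 1)
    share = len(singletons) / len(holders) if holders else 0.0
    return {
        "distinct_roles": len(holders),
        "singleton_roles": singletons,
        "singleton_share": round(share, 3),
        "over_fragmented": share > max_singleton_share,
    }


# Constructed sample directory.
USERS = [
    User("alice", "employee", "finance", "emea", "de", frozenset({"rq-finance-ap-clerk"})),
    User("bob", "employee", "finance", "emea", "fr", frozenset({"rq-finance-ap-clerk"})),
    User("carol", "contractor", "engineering", "amer", "us", frozenset({"rq-eng-prod-readonly", "rq-not-in-catalog"})),
    User("dave", "employee", "finance", "amer", "us", frozenset({"rq-finance-controller"})),
    User("erin", "contractor", "engineering", "amer", "us", frozenset({"rq-eng-prod-readonly"})),
    User("frank", "employee", "finance", "emea", "de", frozenset({"rq-finance-ap-clerk"})),
]


def one_role_per_user(users) -> dict[str, set[str]]:
    """The anti-pattern from the takeaways: a bespoke role for every user."""
    return {u.uid: {f"rq-user-{u.uid}"} for u in users}


if __name__ == "__main__":
    for uid, roles in assignments(USERS).items():
        print(uid, sorted(roles))
    print("naming violations:", invalid_role_names())
    print("designed model:", fragmentation_report(assignments(USERS)))
    print("one-role-per-user:", fragmentation_report(one_role_per_user(USERS)))
```

Running it shows Carol's request for `rq-not-in-catalog` silently dropped (requests must go through the catalog), the legacy `Finance-Read-All` flagged by the naming check, and the one-role-per-user model scoring a singleton share of 1.0 while the attribute-driven model stays well under the threshold. The threshold is a heuristic; a legitimate singleton such as a controller role should be reviewed, not automatically rejected.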