Role-based access control (RBAC) models, also called nondiscretionary models,
make access decisions based on the rights and permissions assigned to a role or
group, not an individual user. Administrators create roles, or groups, which act
as containers for users. The administrators assign access rights and permissions
to the role instead of directly to the user. A user placed into a role or
group inherits the permissions and access rights of that role and is thus
implicitly assigned access rights. This kind of model is effective in large companies that
have high turnover rates because it allows the administrator to simply place new
employees into roles instead of creating new permissions for each and every
person who joins the company.
Roles usually map to specific roles outlined in the company’s organization
chart. For example, if a company has an accounting department, the administrator
can create an accounting group with access rights to the resources anyone
within the department would need. Users can be assigned to one or more roles
and each role can have limited or many access rights and permissions assigned
to it. The upper and lower bounds of access are referred to as a lattice of access
rights.
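As an added example (not part of the original post), the following Python sketch implements the model described above: permissions are granted to roles, users are placed into roles, and a user's effective rights are the union of the rights of every role they hold, with no rights at all for a user who holds no role. The role and permission names (an "accounting" role, a "payroll-approver" role, permissions such as "ledger:read") are constructed for the example and are not from the post.

```python
from typing import Dict, Set, FrozenSet


class RBAC:
    """Minimal role-based access control.

    Rights attach to roles, users attach to roles, and a user's effective
    rights are the union of the rights of all roles they hold.  A user with
    no roles (or an unknown user) gets nothing: deny by default.
    """

    def __init__(self) -> None:
        self.role_perms: Dict[str, Set[str]] = {}   # role -> permissions
        self.user_roles: Dict[str, Set[str]] = {}   # user -> roles held

    def create_role(self, role: str) -> None:
        self.role_perms.setdefault(role, set())

    def grant(self, role: str, permission: str) -> None:
        # Rights are granted to the role, never directly to a user.
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")
        self.role_perms[role].add(permission)

    def revoke(self, role: str, permission: str) -> None:
        # Removing a right from the role removes it from every member at once.
        self.role_perms.get(role, set()).discard(permission)

    def assign(self, user: str, role: str) -> None:
        # Placing a user into a role is the only way a user acquires rights.
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    def unassign(self, user: str, role: str) -> None:
        # Offboarding: drop the role membership; the rights go with it.
        self.user_roles.get(user, set()).discard(role)

    def permissions_of(self, user: str) -> FrozenSet[str]:
        # Effective rights = union over all roles held (empty for unknown users).
        roles = self.user_roles.get(user, set())
        return frozenset().union(*(self.role_perms[r] for r in roles))

    def is_allowed(self, user: str, permission: str) -> bool:
        return permission in self.permissions_of(user)


def build_sample() -> RBAC:
    """Constructed sample directory: an accounting department plus a
    separate approver role that only some accountants hold."""
    rbac = RBAC()
    rbac.create_role("accounting")
    rbac.create_role("payroll-approver")
    rbac.grant("accounting", "ledger:read")
    rbac.grant("accounting", "ledger:write")
    rbac.grant("payroll-approver", "payroll:approve")
    rbac.assign("alice", "accounting")       # new hire: one assignment, done
    rbac.assign("bob", "accounting")
    rbac.assign("bob", "payroll-approver")   # bob holds two roles
    return rbac


if __name__ == "__main__":
    rbac = build_sample()
    for user in ("alice", "bob", "mallory"):
        print(user, sorted(rbac.permissions_of(user)))
    rbac.unassign("alice", "accounting")     # alice leaves the company
    print("alice after offboarding:", sorted(rbac.permissions_of("alice")))
```

The point worth checking in a real deployment is the one `revoke` and `unassign` illustrate: because rights flow through the role, a single change to a role's permission set changes what every member can do, so role definitions deserve the same review as direct grants, and offboarding is complete only when every role membership has been removed.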