
Role-Based Access Controls (RBAC)

This article gives an overview of Role Based Access Controls.

What are Role-Based Access Controls (RBAC)?

Role-Based Access Controls (RBAC) allow user access to be managed at the group level rather than individually, ensuring a structured and efficient approach to permissions.

In Gatekeeper, the primary object is the Contract Record, since every other object links back to it. By combining the objects listed below, you can grant each user exactly the level of access they need.

When setting up RBAC groups, there are three key objects to consider:

  • Entities – The legal entities within your organisation that are parties to contracts.
  • Teams – Typically aligned with departments, e.g. Legal or InfoSec.
  • Categories – Used to group contracts within your repository, describing the goods or services obtained under the contract.

Additionally, an access group can be granted access to specific contracts and vendors, independently of the Entity, Team and Category selections.

Note: Your teams, categories, or entities may have been renamed within your tenant, but this article will reference their default names.


Benefits of RBAC:

  • Ensures users have only the necessary access, enhancing security and control.
  • Allows system administrators to efficiently manage user access at scale through access groups.

Example

John is part of the Legal Team and manages only Commercial Contracts. Using RBAC, you can create an access group where Team = Legal and Category = Commercial, ensuring John can view all relevant Contracts and Vendors.


A user can belong to many access groups, and their effective access is the combined access of all of them. Continuing the example, you could widen John's access by adding further RBAC groups to his permissions.

Set the AND / OR Operator

When setting up RBAC Groups, it's important to understand how the And vs. Or operator affects access:

  • And (more restrictive): A record must meet all selected conditions for the user to gain access to it.

    • Example: If a group is set to Team = Legal AND Category = Commercial, users will only have access to contracts that belong to the Legal team and are categorised as Commercial.

  • Or (less restrictive): A record only needs to meet one of the selected conditions for the user to gain access to it. 

    • Example: If a group is set to Team = Legal OR Category = Commercial, users in this group will have access to every contract linked to the Legal team and every contract in the Commercial category, including Commercial contracts that aren't linked to the Legal team.

This is a global setting: it applies to every RBAC group in your tenant, so switching it from And to Or widens the access granted by every existing group at once. Review what each group would expose under Or before changing it.
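To make the And / Or behaviour concrete, the following model evaluates a user's access groups against a handful of contract records under either operator. It is an added example for this article and is not Gatekeeper's own code or API; the class names, field names and sample contracts are constructed for illustration. Two rules in it are assumptions rather than statements from the article: a dimension with nothing selected in a group is treated as "no condition", and specific contract or vendor grants are treated as additive regardless of the operator.

```python
from dataclasses import dataclass

AND, OR = "AND", "OR"  # the two values of the global RBAC operator setting


@dataclass(frozen=True)
class Contract:
    """One Contract Record plus the objects that link back to it (hypothetical model)."""
    id: str
    entity: str
    team: str
    category: str
    vendor: str


@dataclass(frozen=True)
class AccessGroup:
    """An RBAC group: selected Entities/Teams/Categories plus explicit grants (hypothetical model)."""
    name: str
    entities: frozenset = frozenset()
    teams: frozenset = frozenset()
    categories: frozenset = frozenset()
    contract_ids: frozenset = frozenset()  # specific contracts granted to the group
    vendors: frozenset = frozenset()       # specific vendors granted to the group

    def grants(self, c: Contract, operator: str) -> bool:
        # Assumption: explicit contract/vendor grants are additive and are not
        # subject to the And/Or operator.
        if c.id in self.contract_ids or c.vendor in self.vendors:
            return True
        # Assumption: a dimension with nothing selected is not a condition at all.
        conditions = []
        if self.entities:
            conditions.append(c.entity in self.entities)
        if self.teams:
            conditions.append(c.team in self.teams)
        if self.categories:
            conditions.append(c.category in self.categories)
        if not conditions:
            return False  # assumption: a group with no conditions grants nothing
        # And: the record must meet every selected condition; Or: any one is enough.
        return all(conditions) if operator == AND else any(conditions)


def visible_contracts(groups, contracts, operator) -> frozenset:
    """Union of everything any of the user's groups grants (a user may be in many groups)."""
    if operator not in (AND, OR):
        raise ValueError(f"unknown operator {operator!r}")
    return frozenset(c.id for c in contracts if any(g.grants(c, operator) for g in groups))


def widened_by_switching_to_or(groups, contracts) -> frozenset:
    """Contracts that become visible to these groups if the global setting is flipped And -> Or."""
    return visible_contracts(groups, contracts, OR) - visible_contracts(groups, contracts, AND)


# Constructed sample data, not taken from any real tenant.
CONTRACTS = [
    Contract("C-1", "Acme Ltd", "Legal", "Commercial", "Vendor A"),
    Contract("C-2", "Acme Ltd", "Legal", "Software", "Vendor B"),
    Contract("C-3", "Acme Ltd", "InfoSec", "Commercial", "Vendor C"),
    Contract("C-4", "Acme GmbH", "InfoSec", "Software", "Vendor B"),
]

# John's group from the article: Team = Legal, Category = Commercial.
LEGAL_COMMERCIAL = AccessGroup(
    "Legal + Commercial",
    teams=frozenset({"Legal"}),
    categories=frozenset({"Commercial"}),
)
# A second group that grants a specific vendor, to show access combining across groups.
VENDOR_B = AccessGroup("Vendor B", vendors=frozenset({"Vendor B"}))


if __name__ == "__main__":
    johns_groups = [LEGAL_COMMERCIAL]
    print("And:", sorted(visible_contracts(johns_groups, CONTRACTS, AND)))
    print("Or: ", sorted(visible_contracts(johns_groups, CONTRACTS, OR)))
    print("Newly exposed by And -> Or:", sorted(widened_by_switching_to_or(johns_groups, CONTRACTS)))
    print("Two groups, And:", sorted(visible_contracts([LEGAL_COMMERCIAL, VENDOR_B], CONTRACTS, AND)))
```

Under And, John's single group exposes only C-1 (Legal and Commercial). Under Or, the same group also exposes C-2 (Legal but Software) and C-3 (Commercial but InfoSec), which is exactly the widening the global setting applies to every group at once; `widened_by_switching_to_or` is the kind of check worth running per group before changing the setting. Adding John to the Vendor B group under And adds C-2 and C-4, showing that membership in several groups is cumulative.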

To set the Boolean Operator:

  1. From the navigation menu, expand the Settings option, then click Configuration.
  2. Click Role Based Access Control (RBAC) Configuration.
  3. Select the appropriate radio button.
  4. Click Save.

Additional Reading