T-RBAC

T-RBAC stands for task-based RBAC. Modern organizations are composed of cross-functional teams working on initiatives or projects, and not all access is either job-based. In EmpowerID, this type of access is commonly bundled into task-based functional roles commonly known as T-RBAC.

T-RBAC is used internally by EmpowerID to organize who may use which user interfaces, APIs, and workflows, who may see which objects and data, and who may perform which actions against objects.

One of the advantages of T-RBAC is that it separates access for UI, data visibility, and data access to avoid bundling and over-permission.

Below is a Venn diagram of the 3 types of T-RBAC Management Roles and how they combine to enable task-based access.

UI/API‑ Roles grant access to user interface elements, such as pages and controls, and access to run workflows.
Data visibility Roles grant the visibility access to view specific types of objects or resources in a particular scope, such as at the organizational level.
Data access Roles grant the authorization to perform specific actions or “operations” within EmpowerID user interfaces and workflows against scoped data, such as individual mailboxes

Key Takeaways:

T-RBAC stands for task-based RBAC.
T-RBAC is used internally by EmpowerID.
T-RBAC separates access for UI, data visibility, and data access.
There are three types of T-RBAC Management Roles.