Role-based access control (RBAC)
An access-control model that assigns permissions to roles and users to roles, rather than assigning permissions directly to users.
In more detail
RBAC is the standard access-control pattern in enterprise software. Permissions attach to roles, users attach to roles, and adding a user to a role grants every permission the role carries. The model is simple, durable, and survives organizational change without a re-implementation.
RBAC's main weakness is the explosion of roles when access requirements get fine-grained. Mature organizations layer attribute-based access control (ABAC) on top to cover the cases RBAC alone does not.
Where this shows up at Ceven
Ceven uses RBAC as the primary access-control model for both the platform itself and the workflows it orchestrates. Role definitions live in the system of record, and the JML fan-out reads from them to drive provisioning, access review, and termination revocation.