card using rbac access model


Key takeaways

  • Here’s a quick RBAC definition: it’s an organizational framework that allows you to manage people’s access permissions by giving them predefined roles.
  • Examples of roles include janitors with special access to storage closets or IT workers with special access to server rooms.
  • To take full advantage of an RBAC system, make sure you choose an electronic access system that automatically updates readers throughout your property when you change a person’s role.
  • Alternatives to RBAC include attribute-based, discretionary, and mandatory access control.


As access control systems evolve and become more complicated, many managers are depending on access control models that make thinking about and managing their properties easier. RBAC, or role-based access control, is one of the most popular models — but is it right for your property?

In this post, we explain what RBAC means and give an example of RBAC in action. Then, we go over alternatives so that you can pick the best model for you.

This post covers:


ButterflyMX Access Control CTA


What does RBAC mean?

RBAC stands for role-based access control, and it’s a way for you to easily manage who has access permissions on your property.

As a property manager, you’re always striking a balance between security and convenience. When you’re talking about dozens, or even hundreds, of people who pass through your building daily, you might need an organizational framework like RBAC to keep everybody’s access permissions straight.

Property visitors might range from repair people to employees to residents, and they all have different access needs. So, how can you make sure the right people have access to their intended spaces?

Under the RBAC model, you create roles that have different access permissions. Then, you can authorize everybody on your property to have a different role depending on the access level they need.


Watch how ButterflyMX works:


What is the meaning of authorization in RBAC?

When you authorize someone in an RBAC system, you grant them permission to access certain areas based on the role you’re giving them.


RBAC example

Let’s say you’re managing a commercial property. As an example of role-based access control, some predefined roles you might create are janitor, repair person, IT worker, or manager — and here’s where RBAC starts to shine.

You might want to make sure that only IT workers have access to the server rooms or only janitors have access to storage closets. After creating roles, you can assign them out and ensure that everybody has access to only the spaces they need.

In brief, this makes changing people’s roles and assigning access permissions easier. If somebody gets promoted, they might have access to different areas of the building. On your end, however, updating their permissions would be as simple as reassigning their role.


How does RBAC work?

A role-based access control implementation works by letting you easily assign and swap out a person’s role. So, you might be wondering what it actually looks like to assign and reassign permissions.

If you use an analog way of managing access to your building, reassigning somebody’s role might look like taking their set of keys and swapping them out with another set.

But these days, a building might depend on electronic access measures like keypads and card readers. Reassigning somebody’s role might mean sifting through databases and manually walking to each credential reader to update the system.

Luckily, the best access control systems integrate all the access hardware on your property and allow you to manage them all from the same dashboard. With these next-gen systems, following role-based access control best practices has never been easier. Updating a user’s permissions is as simple as one click.


Intercoms can provide RBAC


RBAC alternatives

Alternatives to RBAC include:


Attribute-based access control

An attribute-based access control model uses people’s attributes to check whether they should be able to access a certain area.

Examples of attributes include:

  • Time of day
  • Location
  • Security clearance



The difference between RBAC and ABAC is that you create roles — while an ABAC system checks for attributes on its own.

For example, if an ABAC system detects that a worker got a promotion, it automatically grants that worker access to more secure areas. An administrator doesn’t have to step in. In contrast, under a role-based system, managers would have to manually switch over that employee’s access permissions.

Because ABAC systems use real-time monitoring, they’re more complex — and more expensive. But, the expenses may be worth it for larger properties.


Discretionary access control

In a discretionary access system, multiple administrators have the power to control access permissions of a property.

Unlike attribute-based and role-based control, discretionary access control places much more emphasis on hands-on administration. Every administrator can create, remove, and edit a user’s permissions.

Because each user needs to be created individually — and managers can’t rely on the help of roles or attributes — discretionary access control is best for smaller properties or those with unique access needs.


Mandatory access control

Under a mandatory access system, a property’s access control system only has one administrator.

Like discretionary access control, mandatory access is a better fit for smaller properties. Otherwise, for bigger properties, having to manually create and monitor thousands of individual credentials might overwhelm a property manager.


access control system

Profile image for Ferdison Cayetano


Ferdison Cayetano

I’m a proptech enthusiast from New Jersey who’s looking forward to the innovations that will revolutionize real estate.

Follow Ferdison on LinkedIn