Role-Based Access Control (RBAC)

Mike's Notes

I'm revisiting the role-based access control (RBAC) in Pipi.

Last Updated

13/09/2025

By: Mike Peters
On a Sandy Beach: 08/09/2025

Mike is the inventor and architect of Pipi and the founder of Ajabbi.

Pipi 4

Pipi utilised a simple role-based access control (RBAC) system. It enforced a change of passwords for both admins and users. The old data model was similar to the one depicted in this diagram.

Pipi 9

Using RBAC to administer user accounts must scale from very simple setups to large ones. Something much more robust is required.

Requirements

Entities:

  • Users
  • Policy
  • Roles
  • Permissions
  • Groups
  • Objects
  • Sessions
  • Join tables

Roles:

  • In a hierarchy.
  • Separation of duties by allowing and denying access.
  • Fine-grained.

Uses:

  • Pipi as an ecosystem and an individual system.
  • Each account
  • Organisational structures within an account
  • Shares
  • Individual users
  • The public

The RBAC needs to be automatically logged, tested and audited.
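
A minimal sketch of how the role requirements above (a hierarchy, allow/deny for separation of duties, and a logged decision for every check) can fit together. It is an added example, not Pipi's code or data model; the class, role and user names are assumptions, and "explicit deny wins, otherwise default deny" is one common way to resolve conflicts.

```python
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    parent: "Role | None" = None                 # role whose grants are inherited
    grants: dict = field(default_factory=dict)   # (action, object) -> "allow" | "deny"

class Rbac:
    def __init__(self):
        self.roles = {}        # role name -> Role
        self.user_roles = {}   # user -> set of role names (the user/role join table)
        self.audit = []        # append-only log: one entry per decision

    def add_role(self, name, parent=None):
        self.roles[name] = Role(name, self.roles[parent] if parent else None)

    def grant(self, role, action, obj, effect="allow"):
        self.roles[role].grants[(action, obj)] = effect

    def assign(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def check(self, user, action, obj):
        effects = set()
        for name in self.user_roles.get(user, ()):
            role, seen = self.roles[name], set()
            while role and role.name not in seen:    # walk up; guard against cycles
                seen.add(role.name)
                effects.add(role.grants.get((action, obj)))
                role = role.parent
        # Explicit deny wins; no matching allow means deny (default deny).
        allowed = "allow" in effects and "deny" not in effects
        self.audit.append((user, action, obj, "allow" if allowed else "deny"))
        return allowed

def build_sample():
    """Constructed sample data; role and user names are illustrative only."""
    r = Rbac()
    r.add_role("clerk")
    r.add_role("manager", parent="clerk")            # manager inherits clerk
    r.add_role("approver")
    r.grant("clerk", "create", "invoice")
    r.grant("manager", "void", "invoice")
    r.grant("approver", "approve", "invoice")
    r.grant("approver", "create", "invoice", "deny") # separation of duties
    r.assign("alice", "clerk")
    r.assign("bob", "manager")
    r.assign("carol", "clerk"); r.assign("carol", "approver")
    return r
```

Because every call to `check` appends to `audit`, denied requests from unknown users (the public) are recorded the same way as decisions for assigned users.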
