2023-09-25
B2B SaaS services, Setting Authorizations Based on RBAC

What is role-based access control (RBAC)?

Role-based access control (RBAC) is a way of controlling what application users within an organization are authorized to do: permissions are attached to roles, and a user receives permissions by being assigned a role rather than being granted each permission individually. When SaaS applications first launch team features, they often give every user full access to every feature. For larger applications used at enterprise scale, however, there is a requirement that team members have access only to the features they need to do their jobs. SaaS applications therefore need to control user authorizations with role-based access control.

Components of RBAC

In the most basic RBAC configuration there is only one distinction: whether a user is read-only or not. Access to individual features is then granted according to the authorization each role carries.

In a standard RBAC configuration, you have fine-grained control over which roles have read-write, read-only, or no access to each capability and resource. Many B2B SaaS companies define roles like the examples below.

Super admin - Can modify users, as well as all features and access.

Billing contact - Can edit account billing data, but not users or features.

General user - Can use all features of the product, but does not have access to modify users or view billing information.

Report user - Has access to reporting features only and cannot modify any other resources.

Specific feature user - Restricts the user to a single application-specific feature. In WhaTap, for example, the ability to configure notifications is one such feature, and it is one of the things that separates a regular user from a super admin.
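The role matrix described above, as an added example in Python (this is not WhaTap's code). The role names follow the list above; the capability names (users, billing, features, reports, notifications), the exact access each role gets on each capability, the single-feature role called notification_user, and the function names are assumptions made for illustration. The check is deny-by-default: a role that does not list a capability has no access to it, and an unknown role or capability is rejected rather than silently ignored.

```python
"""Deny-by-default role -> capability matrix for a B2B SaaS tenant.

Added example, not WhaTap's code.  Role names follow the list in the
text; capability names, the access assigned per role and the
notification_user single-feature role are assumptions for illustration.
"""
from enum import Enum


class Access(Enum):
    NONE = 0
    READ = 1
    WRITE = 2  # write implies read


# The protected capabilities (resources and features) of the product.
CAPABILITIES = ("users", "billing", "features", "reports", "notifications")

# A capability missing from a role's entry means Access.NONE.
ROLE_MATRIX = {
    "super_admin": {c: Access.WRITE for c in CAPABILITIES},
    "billing_contact": {"billing": Access.WRITE},
    "general_user": {
        "features": Access.WRITE,
        "reports": Access.WRITE,
        "notifications": Access.READ,  # assumed: can see, but not configure, notifications
    },
    "report_user": {"reports": Access.READ},
    "notification_user": {"notifications": Access.WRITE},  # hypothetical single-feature role
}

_NEEDED = {"read": Access.READ, "write": Access.WRITE}


def access_level(roles, capability):
    """Highest access any of the user's roles grants on the capability.

    Unknown roles and capabilities raise rather than being skipped, so a
    misspelled role name or a new capability nobody mapped yet shows up
    as an error instead of a silent, hard-to-debug denial."""
    if capability not in CAPABILITIES:
        raise ValueError(f"unknown capability: {capability}")
    level = Access.NONE
    for role in roles:
        if role not in ROLE_MATRIX:
            raise ValueError(f"unknown role: {role}")
        candidate = ROLE_MATRIX[role].get(capability, Access.NONE)
        if candidate.value > level.value:
            level = candidate
    return level


def is_allowed(roles, action, capability):
    """Authorization check: does some role of the user grant `action`
    ('read' or 'write') on `capability`?  A user with no roles gets nothing."""
    needed = _NEEDED[action]  # KeyError for anything other than read/write
    return access_level(roles, capability).value >= needed.value


if __name__ == "__main__":
    for roles, action, cap in [
        (["super_admin"], "write", "users"),
        (["billing_contact"], "read", "users"),
        (["general_user"], "read", "billing"),
        (["report_user"], "write", "reports"),
    ]:
        print(roles, action, cap, "->", is_allowed(roles, action, cap))
```

A user who holds several roles gets the highest level any of them grants, which is the usual union semantics of RBAC. Keeping the whole mapping in one table also makes it the single place to audit when a customer asks exactly what a billing contact or a report user can reach.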

How can you use RBAC effectively?

To use RBAC effectively, it is important to define a user management structure and to establish an invitation process for adding new users. The roles of the people using the SaaS service in your organization need to be clearly defined so that their access to the service can be managed consistently.

It is also important to track the remaining user invite count when inviting new users. If an administrator tries to invite a new hire and the organization has no invites left, the new hire will not be able to access the service. Make sure the remaining invite count is visible, and that the "Invite user" button is clearly shown as disabled when the inviter lacks the authorization or the remaining invites to use it.

Introduction to the main authorization system of WhaTap

WhaTap provides monitoring as a SaaS service. It is therefore multi-tenant, and the relationship between a tenant and its users is one-to-many. Access to a tenant's resources and functions therefore has to be controlled according to the various roles and tasks of those users. The following is the basic hierarchy on which role-based authorization in WhaTap is built.

A project is the monitoring unit in WhaTap. Dividing monitoring into projects also divides the tenant's authorizations: projects are the most basic level of the hierarchy. Project authorizations are inherited from group authorizations, so users who belong to a group can monitor every project in that group. A user who is authorized only on a single project can monitor only that project, even when the project belongs to a group.

Groups are helpful when managing multiple projects. Once you have two or more projects, managing each one separately becomes cumbersome: every time you add a user or grant access, you have to repeat it for each project. Instead, you can bundle the projects into one group and manage users at the group level. One user can own multiple projects in one group.

An organization is a parent group to which groups can be tied. In most situations, projects and groups are sufficient.

WhaTap gives users the flexibility to grant different authorizations to different members for different projects, groups, etc.
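Resolving a user's effective project access from grants at the project, group and organization levels, as an added example in Python (this is not WhaTap's implementation). The tenant layout, user names and grant tables are constructed sample data, and the class and method names are assumptions. It shows the inheritance rule above: a group grant covers every project in the group, an organization grant covers every project in every group of the organization, and a project-only grant does not extend to sibling projects in the same group.

```python
"""Effective project access from project, group and organization grants.

Added example, not WhaTap's code.  The tenant layout, users and grants
below are constructed sample data; class and method names are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class Tenant:
    # parent links: project -> group (None if ungrouped), group -> organization
    project_group: dict = field(default_factory=dict)
    group_org: dict = field(default_factory=dict)
    # grants per scope kind: {scope id: set of user ids}
    grants: dict = field(
        default_factory=lambda: {"project": {}, "group": {}, "org": {}}
    )

    def grant(self, kind, scope_id, user):
        """Authorize a user on a project, group or organization."""
        if kind not in self.grants:
            raise ValueError(f"unknown scope kind: {kind}")
        self.grants[kind].setdefault(scope_id, set()).add(user)

    def can_monitor(self, user, project):
        """True if the user holds a grant on the project itself, on the
        group containing it, or on that group's organization.  Unknown
        projects are denied; an ungrouped project is reachable only
        through a direct project grant."""
        if project not in self.project_group:
            return False
        if user in self.grants["project"].get(project, ()):
            return True
        group = self.project_group[project]
        if group is None:
            return False
        if user in self.grants["group"].get(group, ()):
            return True
        org = self.group_org.get(group)
        return org is not None and user in self.grants["org"].get(org, ())

    def visible_projects(self, user):
        """All projects the user may monitor, in sorted order."""
        return sorted(p for p in self.project_group if self.can_monitor(user, p))


def build_sample_tenant():
    """Constructed sample tenant: one organization, two groups, four projects."""
    t = Tenant()
    t.project_group = {
        "web-prod": "web",
        "web-stage": "web",
        "db-prod": "db",
        "legacy": None,  # not assigned to any group
    }
    t.group_org = {"web": "acme", "db": "acme"}
    t.grant("project", "web-stage", "dev")     # project-only grant
    t.grant("group", "web", "web-lead")        # every project in the web group
    t.grant("org", "acme", "ops-admin")        # every grouped project in acme
    t.grant("project", "legacy", "ops-admin")  # ungrouped, so granted explicitly
    return t


if __name__ == "__main__":
    tenant = build_sample_tenant()
    for user in ("dev", "web-lead", "ops-admin", "nobody"):
        print(f"{user:10} -> {tenant.visible_projects(user)}")
```

The lookup walks upward from the project rather than expanding every grant downward, so a check on one project costs a constant number of set lookups and a newly created project in a group is covered by existing group and organization grants without any further bookkeeping.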

💡 Which customers might find this useful?

If you provide operations management services, you are likely to have a large number of projects. Using organizations to bring groups together lets you manage them more efficiently.

An operations management services company can also manage multiple subgroups under one parent organization. Each group's members are granted authorization for that group, and authorized members can then manage the group independently.

You can find more information in the WhaTap technical documentation.

RBAC enables efficient service operation by granting members appropriate authorizations through a system and controlling their access to the service. It also provides efficient control over data access in multi-tenant SaaS services. We recommend role-based authorization control for efficient use of SaaS services within your organization.
