
Navigating Access Control: Introducing RBAC in Passbolt


Shelby Lee Neubeck


20 July, 2023


Harness the power of granular user control and increase your security with passbolt’s latest feature. With the latest release, passbolt has a new superpower: Role Based Access Control (RBAC), which unlocks a new level of user control. Let’s dive into RBAC’s capabilities and what you can expect from this powerful new addition.

An Overview of RBAC

RBAC, or Role Based Access Control, is exactly what it sounds like: a robust method of allowing admins to create and manage access to different aspects of software based on designated roles. Each role, such as admin or user, typically comes with predefined permissions that determine which operations and resources can be seen or accessed. RBAC is a flexible addition to this, allowing admins to tailor these permissions and roles to meet the unique needs of your organisation. This not only enhances security, but also streamlines access management and makes collaboration more efficient.

A Balanced Solution

Prior to version 4.1 of passbolt, admins faced several challenges. There was no central way of defining what access a user has. These limitations didn’t allow hiding buttons, controlling imports and exports, or managing workspace visibility. The community submitted numerous requests for solutions:

With an emphasis on community-driven development, these requests didn’t go unheard.

Passbolt now has a solution that strikes the perfect balance between security and convenience: RBAC. With this feature, administrators now have the power to manage the visibility of various functionalities, such as import/export, viewing passwords, activity tracking, commenting, and more, all based on each user’s role. Admins can define which features are displayed or hidden based on users, providing a personalised interface that aligns with their organisation’s policy.

RBAC is currently available at the user interface (UI) level, with the API level planned in the future. So please note that this first release of RBAC only restricts passbolt at the interface level, not the underlying structure.

Passbolt’s RBAC UI
Fig 1. Role Based Access Control workspace wireframe (source figma)

The Future For RBAC with Passbolt

Part two of passbolt’s RBAC feature is just around the corner. The second release of RBAC will go even further — to the API level. Admins will soon be able to manage access at a deeper level by restricting API actions based on each role, resulting in improved data integrity and heightened security.

To summarise: RBAC part one helps passbolt applications, such as the browser extension, restrict what users can see and do. In the future it will allow administrators to manage which actions are accessible to which roles at the API level.

This initial release may lack some functionality. Rest assured that passbolt is committed to providing a comprehensive solution that caters to the access control needs of your team or organisation. Some of the capabilities you can look forward to include dynamic rules and custom roles. Expect exciting updates that will address these issues and more, unlocking even more potential with RBAC.

Start Using RBAC

Are you excited about RBAC? Don’t wait any longer to experience its benefits. Upgrade to version 4.1 of passbolt, and discover the brand new “Role Based Access Control” item in the admin settings, granting you the power to manage what’s shown or what’s hidden on the user interface.

For a quick demonstration and overview, head over to the passbolt YouTube Channel. Stay tuned for more documentation that will be available soon. And remember, if you have any questions, concerns, or just want to connect, the passbolt community would love to have you.