Skip to main content

Role Based Access Control


RBAC is currently available at the user interface (UI) level, with the API level planned in the future. So please note that this first release of RBAC only restricts passbolt at the interface level, not the underlying API.

How to configure Role-Based Access Control

Since version 4.1.0, all editions of passbolt support Role-Based Access Control.

Role-Based Access Control
fig. Role-Based Access Control


You can follow this procedure if you are meeting the following requirements:

  • You are running passbolt >= v4.1.0.
  • You have an active administrator account.

How does it work?

RBAC is a feature introduced that as for aim to restrict the access of functionalities to users.

According to the administrator choices, users can be restricted to some functionalities. The administrator has only to chose between allow or deny options for the functionalities.


In order to configure RBAC for your organisation, go to administration setting workspace Administration > Role-Based Access Control.

Choose to restrict or not a functionality

By default, all functionalities are allowed. To deny one select and restrict the one that suits best your organization.

RBAC administration settings select permission
fig. RBAC administration settings select permission

Apply the changes

Once the RBAC is configured as you wish, you can apply the changes. Click on the “save settings” button.

RBAC administration settings save changes
fig. RBAC administration settings save changes