Skip to content
Latchkey

What Is Role-Based Access Control? Permissions Through Roles

Role-based access control (RBAC) grants permissions to roles, then assigns roles to identities, so access follows job function rather than individual exceptions.

Role-based access control, or RBAC, is the most common way to organize authorization at scale. Instead of granting permissions to each user one by one, you define roles (admin, developer, viewer), attach permissions to those roles, and assign roles to people or services. It keeps access manageable as teams and pipelines grow.

How RBAC is structured

Permissions describe actions on resources. Roles bundle related permissions. Identities (users or services) receive one or more roles. To change what someone can do, you change their role rather than editing scattered individual grants.

Why teams use it

  • Consistency: everyone in a role has the same access.
  • Auditability: it is easy to see who can do what.
  • Onboarding and offboarding: assign or revoke a role, not dozens of permissions.

RBAC in CI/CD

Source hosts and CI platforms use RBAC for human access: who can merge, who can manage secrets, who can change pipeline settings. Cloud providers use roles for both people and workloads. A pipeline often assumes a role to gain exactly the cloud permissions it needs.

RBAC and least privilege

RBAC works best when roles are scoped tightly. A common mistake is a catch-all admin role handed out too freely. Defining narrow roles aligned to real tasks keeps the principle of least privilege intact and limits damage from a compromise.

Limits of RBAC

RBAC can struggle when access needs to depend on context (time of day, resource owner, request origin). When rules get that fine-grained, attribute-based access control may fit better. Many systems combine the two.

RBAC and runners

The role a pipeline assumes determines what its runner can touch. Scoping that role to a single environment limits exposure. On ephemeral runners (such as Latchkey managed runners), the assumed role context does not persist between jobs.

Key takeaways

  • RBAC assigns permissions to roles and roles to identities, simplifying access at scale.
  • It improves consistency, auditability, and onboarding or offboarding.
  • Narrow, task-aligned roles keep pipeline access close to least privilege.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →