Documentation
HECVAT-onprem-v3.0.5
Application/Service Security
OPAP-01

Question OPAP-01

Do you support role-based access control (RBAC) for end users?

Weight: 25
High Risk: Yes
Required: Yes
Compliant Answer: Yes

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

Describe any limitations to your roles-based approach.

Answering "YES"

Describe your RBAC.

Reason for Question

Understanding access control capabilities allows an institution to estimate the type of maintenance effort that will be involved in managing a system. Depending on the users, concerns may or may not be elevated. The value of this question is largely determined by the deployment strategy and use case of the software/product/service under review. This question is specific to end users.

Follow-Up Inquiries

Ask the vendor to summarize the best practices to restrict/control the access given to the institution's end users without the use of RBAC. Make sure to understand the administrative requirements/overhead introduced in the vendor's environment.
