Documentation
HECVAT-onprem-v3.0.5
Application/Service Security
OPAP-02

Question OPAP-02

Do you support role-based access control (RBAC) for system administrators?

Weight: 20
High Risk: No
Required: Yes
Compliant Answer: Yes

Standard Guidance

EDUCAUSE provides no guidance here.

Answering "NO"

Describe any limitations to your role-based approach.

Answering "YES"

Describe your RBAC.

Reason for Question

Managing a software/product/service may rely on various professionals to administer a system. This question focuses on how administration, and the segregation of functions, can be implemented within the system. Securing the administration portion of a system has additional implications (e.g., logging, administration) beyond those that apply to end users.

Follow-Up Inquiries

Ask the vendor to summarize the best practices for securing their system(s) administratively without the use of RBAC. Make sure to understand the administrative requirements/overhead introduced in the vendor's environment.
