RBAC — Role-Based Access Control
·article·2026-06-12
Definition
Permissions are attached to roles rather than to individuals, and the roles are arranged in a tiered hierarchy, which limits the blast radius of any single account.
Worked Example
A 7-tier example hierarchy:
viewer -> analyst -> contributor -> manager -> finance lead -> admin -> superadmin
Each tier inherits the lower tiers' read rights and adds specific write/approve rights.
Interpretation & Pitfalls
RBAC is an accounting control expressed as engineering — roles map to separation-of-duties requirements.
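The tier inheritance from the worked example and the separation-of-duties mapping noted above, as an added sketch that is not TupicFinance's own code. The tier names come from the page; every permission string, the conflict pair, and the choice that write/approve rights are not inherited upward are assumptions made for illustration.

```python
# Added example: tier names are from the page; all permission strings are hypothetical.
TIERS = ["viewer", "analyst", "contributor", "manager",
         "finance lead", "admin", "superadmin"]

# Read rights each tier introduces; every higher tier inherits them.
READS = {
    "viewer": {"dashboard:read"},
    "analyst": {"report:read"},
    "contributor": {"invoice:read"},
    "manager": {"budget:read"},
    "finance lead": {"ledger:read"},
    "admin": {"user:read"},
    "superadmin": {"audit_log:read"},
}

# Write/approve rights granted to exactly one tier (assumption: not inherited).
WRITES = {
    "contributor": {"invoice:create"},
    "manager": {"budget:write"},
    "finance lead": {"invoice:approve"},
    "admin": {"user:write"},
    "superadmin": {"role:assign"},
}

# Separation-of-duties pairs that no single role may hold together (constructed).
SOD_CONFLICTS = [("invoice:create", "invoice:approve")]


def effective_permissions(role):
    """Reads from this tier and every lower tier, plus this tier's own writes."""
    if role not in TIERS:
        return frozenset()  # unknown role: deny by default
    rank = TIERS.index(role)
    reads = set().union(*(READS[t] for t in TIERS[:rank + 1]))
    return frozenset(reads | WRITES.get(role, set()))


def is_allowed(role, permission):
    """Deny unless the permission is in the role's effective set."""
    return permission in effective_permissions(role)


def sod_violations():
    """Return (role, a, b) for every role holding both sides of a conflict."""
    return [(r, a, b) for r in TIERS for a, b in SOD_CONFLICTS
            if is_allowed(r, a) and is_allowed(r, b)]
```

Running `sod_violations()` as a unit test whenever the role tables change catches a role that has quietly accumulated both sides of a conflicting pair.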
In TupicFinance
A seven-tier RBAC model governs every endpoint and page.