Role-Based Access Control (RBAC) is a strategy used by many IAM systems to assign rights for who can do what within specific IT roles like applications, based on the organization’s structure and the users’ roles.