Role based access control-with role-based access control, access decisions are based on the roles that individual users have as part of an organization. users take on assigned roles (such as doctor, nurse, teller, manager). the process of defining roles should be based on a thorough analysis of how an organization operates and should include input from a wide spectrum of users in an organization.most access control systems are rule-based - that is, they use a preset list of rules when deciding whether or not a user should have access to a resource; this is not specific to access control systems based on user role. most networks use server-based access control to control access to network resources, however, local resources are typically under the control of the local machine. neither is particularly unique to role-based access control. some networks may use token-based access control, but that is not a requirement for role-based access control, either.