Custom Role-Based Access Control (RBAC) Overview

Erin Conry

Custom Role-Based Access Control (RBAC) allows administrators to modify user access beyond the standard system roles within the Bitsight platform. Custom roles function as overrides to existing system user roles, enabling more granular control over specific privileges.

Custom Roles

Custom roles allow you to grant or remove Application Access that a user would otherwise have, or not have, based on their base system user role.

Key points:

- Custom roles do not replace system user roles; they modify them.
- Multiple custom roles can be assigned to a single user.
- When permissions from multiple roles conflict, a role that allows access to an app overrides a denial of that app in any other role.

Accessing and Managing Custom Roles

Custom role creation and management are available from the Access Control page under the Custom Roles tab.

Administrators can:

- Create and edit custom roles from the dedicated Custom Roles tab.
- Modify role privileges.
- Delete roles.
- Add or remove users from roles in bulk.
- Assign roles directly to users from the Create User and Edit User modals on the Users tab in Access Control.

Permission Behavior and Overrides

Custom roles can toggle on or off permissions that a user would normally have through their company or system role. Custom roles cannot grant permissions that a user is not eligible for based on their existing roles.

Example: If a user's SPM/CM role is set to None, granting SPM access via a custom role will not allow that user to access SPM.

Safeguards and Best Practices

To prevent accidental lockouts:

- To grant Command Center access, a role must grant access to 2 or more of the SPM, CM, VRM, and TMH apps.
- Roles must include at least 1 app.
- Trust Management Hub does not have Access Control access. A Trust Management Hub-only role will not be able to modify Custom Roles or the users in them.

These safeguards are designed to prevent users or administrators from locking themselves out of the platform.

Because custom roles can interact in complex ways:

- Use caution when creating and applying roles.
- Carefully review role combinations to avoid conflicts or unintended access restrictions.

Please note: the new Custom RBAC feature currently has a limited scope.

- API Access Not Restricted: Due to technical limitations, custom roles do not currently restrict API access.
- SSO/SAML Not Supported: SSO/SAML integration is not available in this initial launch. Custom roles work in combination with SAML-provisioned users, because other roles are not affected or replaced by custom roles.
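The permission behavior and the lockout safeguards described above, modelled as an added example: this is not Bitsight's code, and the function and field names, and the reading of "include at least 1 app" as "grant or deny at least one app", are assumptions made to make the stated rules testable.

```python
from dataclasses import dataclass

# Apps named on the page; TMH is Trust Management Hub.
APPS = frozenset({"SPM", "CM", "VRM", "TMH"})
COMMAND_CENTER = "Command Center"


@dataclass(frozen=True)
class CustomRole:
    """A custom role toggles apps on (grant) or off (deny); names are assumed."""
    name: str
    grant: frozenset = frozenset()
    deny: frozenset = frozenset()


def validate_role(role: CustomRole) -> list:
    """Return the safeguard violations for a role (empty list means valid)."""
    problems = []
    # Assumption: "include at least 1 app" means the role touches some app.
    if not (role.grant | role.deny):
        problems.append("role must include at least one app")
    # Command Center needs 2+ of SPM, CM, VRM, TMH granted in the same role.
    if COMMAND_CENTER in role.grant and len(role.grant & APPS) < 2:
        problems.append("Command Center requires 2 or more of SPM, CM, VRM, TMH")
    return problems


def effective_access(eligible: set, base_access: set, roles: list) -> set:
    """Resolve a user's app access from their system role plus custom roles.

    eligible:    apps the system role makes the user eligible for
                 (an SPM/CM role of None leaves SPM and CM out of this set)
    base_access: apps the system role grants by default
    """
    granted = set().union(*(r.grant for r in roles))
    denied = set().union(*(r.deny for r in roles))
    denied -= granted          # an allow in any role beats a deny in any other
    granted &= eligible        # custom roles cannot exceed base eligibility
    return (base_access | granted) - denied


def can_manage_access_control(access: set) -> bool:
    """Access Control is unavailable to a user whose only app is TMH."""
    return bool(access) and access != {"TMH"}
```
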