Orchid's Role Based Access Control (RBAC) is an exciting addition to the suite of already powerful and extensive tools. At the core of RBAC is managing complexity and security.

What is RBAC?
RBAC gives site owners or administrators the ability to control, at a granular level, what a user is and is not allowed to see or do.

RBAC has several components: modules, roles, and personalization.

• First modules are created - perhaps a "press module" which includes the adding, editing, browsing and deleting press releases. Modules are created by simply choosing the files that drive those functions.
• Next, roles are created - perhaps a "press junior" and a "press senior" - and different permissions are granted. Say, for example, you want the press junior to browse, add and edit but not publish press releases. The press senior, on the other hand, can do all those things as well as publish.
• The last step is personalizing the role so that when someone with that role logs in and only see what they are intended to see; the press links (for this example).

Why is RBAC Special?
Up until now, it has been possible to personalize a user's login and "turn off" links and tabs using the "Personalization" feature of Orchid.  However, the user him or herself was not allowed to further personalize their own experience. Moreover, when a new staffer was created, that user had ultimate control by default.  RBAC changes that.

Finally - a secure way to restrict the software and duplicate roles efficiently. Finally a way to manage the complexity of the software. Clearly a move in the right direction!