It is a method or structuring privileged access based on individual roles or types of functions. This facilitates access provisioning and de-provisioning as users are assigned pre-defined roles according to their position in the firm without having to chase specific permissions.