Chapter 16

Roles and Rules

Paul J. Sussex

This chapter discusses the challenges associated with a traditional approach to access management and introduces the concept of role-based access control (RBAC). We then examine key concepts of roles and how traditional and leading mechanisms are used to enforce policy-based business rules. We discuss an RBAC approach and implementation methodology that can be put into practice with a focus on realizing incremental business benefits (“short-term wins”) to sustain the organization’s appetite for a long-term investment in RBAC. Lastly, this chapter includes a discussion of the impact of RBAC on the overall access management life cycle, and provides guiding principles and lessons learned from complex ...
