Role Based Access Control, or RBAC, is one type of authorization based on roles defined for a user. Although similar to GBAC in that they both allow access at scale, RBAC is focused on permissions rather than group identity. Without roles, permissions would be assigned to users on an individual basis. This level of customization detracts from the efficiency of authorization. Defining groups of permissions as a role creates a layer of abstraction and allows a user to be dynamic in assuming the roles they need.