Cyborg ERP - Control Centre Client Roles-Based Access Control (RBAC) Framework
Secure, Transparent Access for Every Stakeholder
The Cyborg Control Centre powers a clear, tiered Roles-Based Access Control (RBAC) Framework across Cyborg ERP. Designed to align with NEP-2020, ISO 27001, and NIST practices, it keeps academic and administrative operations secure, auditable, and easy to govern.
Objective
Establish a structured, tier-based policy for user authorisation and access privileges—covering admins, faculty, students, and parents—so data stays confidential, actions are accountable, and governance is visible through Cyborg Control Centre (CCC).
Hierarchical Structure of Stakeholders
| Tier | User Category | Role Type | Scope |
|---|---|---|---|
| Tier-0 | System Admin (Institution) | Technical & Super Admin | Institution-wide infrastructure control |
| Tier-1 | ERP Head / ICT Head | ERP configuration, user provisioning, CCC liaison | ERP & all modules |
| Tier-2 | Management / Governing Body / Director / Dean | Oversight, dashboards, analytics | Read + Approve |
| Tier-3 | Controller of Examination (COE) | Academic records, evaluation, result processing | Restricted write |
| Tier-4 | Registrar / Academic Admin / Finance Head / HR Head / Librarian | Departmental ownership, workflow approvals | Functional admin |
| Tier-5 | Faculty / HOD / Coordinator | Teaching, evaluation, mentoring, data entry | Course-level access |
| Tier-6 | Students | Personal academics, attendance, fee, results | Self-service portal |
| Tier-7 | Parents / Guardians | Monitoring academic & financial status | View-only dashboard |
Access Control Principles
- 🔹 Role-based access: Privileges mapped strictly to institutional designation.
- 🔹 Least privilege: Minimum rights required to perform the job.
- 🔹 Segregation of duties: Separate academic, financial, and admin powers to prevent misuse.
- 🔹 Dual approvals: Sensitive actions require two-layer authorisation.
- 🔹 Data access tagging: Every record is tagged (Institute → Department → Program → Role) for traceability.
Authentication & Security Controls
- 🔹 MFA for admin and academic roles
- 🔹 SSO with Azure AD / Google Workspace / University LDAP
- 🔹 Dynamic IP restriction for campus/remote policies
- 🔹 Role-scoped API tokens (JWT/OIDC with claims)
- 🔹 Encryption: AES-256 at rest; TLS 1.3 in transit
- 🔹 Comprehensive audit trails for all user actions
Reporting & Compliance
| Frequency | Report | Generated by | Reviewed by |
|---|---|---|---|
| Daily | Login & access logs | System Admin | CCC Security Officer |
| Weekly | Ticket / workflow status | ERP Head | CCC Ops Manager |
| Monthly | Role change & privilege report | Security Officer | CCC Command Head |
| Quarterly | User audit & compliance | CCC Team | Director / Management |
Key Outcomes
- 🔹 Transparent, multi-level accountability
- 🔹 Audit-ready governance (ISO-27001 / NEP-2020 aligned)
- 🔹 Secure, traceable data access across modules
- 🔹 Simplified role provisioning and ongoing monitoring
- 🔹 Real-time oversight through the Cyborg Control Centre (CCC)
Control Centre — Roles-Based Access Control (RBAC) Framework
Empower your institution with secure, transparent, and policy-driven governance through the Cyborg Control Centre. Manage authorizations, approvals, and audit trails seamlessly — ensuring every action is accountable and every user has the right access.

