{"id":999979459,"date":"2025-12-10T11:30:45","date_gmt":"2025-12-10T04:30:45","guid":{"rendered":"https:\/\/bizzi.vn\/?p=999979459"},"modified":"2026-06-09T13:38:11","modified_gmt":"2026-06-09T06:38:11","slug":"what-are-rbac-and-abac-in-finance","status":"publish","type":"post","link":"https:\/\/bizzi.vn\/en\/what-are-rbac-and-abac-in-finance\/","title":{"rendered":"What are RBAC and ABAC in finance? These two authorization models determine the level of security of corporate financial data."},"content":{"rendered":"<p><span style=\"font-weight: 400;\">In finance, RBAC (Role-Based Access Control) grants permissions based on job roles (employee, manager), which is simple and common. Meanwhile, ABAC (Attribute-Based Access Control) is more flexible, controlling access by combining multiple factors such as role, geographic location, time, and transaction type, enabling more detailed and dynamic risk management, suitable for complex systems.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This article will delve into the role of RBAC and ABAC in finance.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Vi_sao_phong_RBAC_va_ABAC_trong_tai_chinh_dac_biet_can_thiet\"><\/span><b>Why are RBAC and ABAC particularly necessary in finance?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The finance department is where the most sensitive data in an organization is concentrated, and also where the potential for internal fraud is highest if access control is not tightly managed. 
Common problems include:<\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Financial data is too sensitive to be shared widely, including:<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Salary and benefits of each employee<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Departmental expenses<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Cost of goods sold, supplier discounts<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Cash flow, payment approval flow<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">A single authorization error can lead to data leakage or internal conflict.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Financial business flows require segregation of duties according to internal control standards. In P2P (Procure-to-Pay), O2C (Order-to-Cash), and R2R (Record-to-Report), each role must be separated:<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">The PO creator cannot be the payment approver.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">The controller cannot be the person who records the transaction.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">The vendor creator cannot self-approve the vendor.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Without RBAC\/ABAC, the risk of fraud increases exponentially. <\/span><span style=\"font-weight: 400;\">Internal and external audits require a clear trace of authority. 
When errors or suspicions occur, auditors need to know:<\/span><\/p>\n<ul>\n<li><span style=\"font-weight: 400;\">Who has access to the data?<\/span><\/li>\n<li><span style=\"font-weight: 400;\">Who edited the document?<\/span><\/li>\n<li><span style=\"font-weight: 400;\">Who approved the expenditure?<\/span><\/li>\n<\/ul>\n<p>This cannot be done manually or by email. RBAC\/ABAC creates an accurate and consistent audit trail.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"RBAC_la_gi_%E2%80%93_Phan_quyen_truy_cap_theo_vai_tro\"><\/span><b>What is RBAC? \u2013 Role-Based Access Control<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The advantage of RBAC is that it is easy to deploy and manage in a clearly structured environment.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Khai_niem\"><\/span><b>Concept<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">RBAC (Role-Based Access Control) is an authorization model in which users are assigned roles, and each role determines what that person can do in the system.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">User \u2192 Role<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Role \u2192 Permission<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Permission \u2192 Actions on data<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">That means you don&#039;t grant permissions to individuals: you grant permissions to roles, and assign roles to individuals.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"RBAC_van_hanh_nhu_the_nao_trong_phong_tai_chinh\"><\/span><b>How does RBAC operate within the finance department?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The standard model of RBAC in 
finance is represented as a chain: <\/span><b>Role \u2192 Permission \u2192 Action \u2192 Object. <\/b><span style=\"font-weight: 400;\">In the context of financial operations, this can be understood as follows:<\/span><\/p>\n<table style=\"border-color: #000000; border-style: solid;\">\n<thead>\n<tr>\n<th><b>Role<\/b><\/th>\n<th><b>Permission<\/b><\/th>\n<th><b>Action<\/b><\/th>\n<th><b>Object<\/b><\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400;\">AP Maker<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Create a document<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Create<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Payment Request<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">AP Checker<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Check the invoice<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Review\/Verify<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Invoice<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Approver<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Approve expenses<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Approve<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Expense\/Invoice<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">CFO<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Full access<\/span><\/td>\n<td><span style=\"font-weight: 400;\">View\/Approve\/Report<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Budget, Cost, GL<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><b>Example simulating a real finance organization:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>AP Maker:<\/b><span style=\"font-weight: 400;\"> Creates payment vouchers, enters invoices, attaches documents.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>AP Checker:<\/b><span style=\"font-weight: 400;\"> Checks invoice validity, 3-way match (PO \u2013 GR \u2013 
Invoice).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Approver (Line Manager\/Director): <\/b><span style=\"font-weight: 400;\">Approves expenditures by department or according to the assigned budget.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>CFO: <\/b><span style=\"font-weight: 400;\">Views the complete budget, expenses, cash flow report, and closing report.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">RBAC lets each person know their exact scope, with no confusion.<\/span><\/p>\n<figure id=\"attachment_999979461\" aria-describedby=\"caption-attachment-999979461\" style=\"width: 1024px\" class=\"wp-caption aligncenter\"><img fetchpriority=\"high\" decoding=\"async\" class=\"wp-image-999979461 size-full\" src=\"https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/rbac-va-abac-trong-tai-chinh-la-gi-2.jpg\" alt=\"rbac and abac in finance are what 2\" width=\"1024\" height=\"536\" title=\"\" srcset=\"https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/rbac-va-abac-trong-tai-chinh-la-gi-2.jpg 1024w, https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/rbac-va-abac-trong-tai-chinh-la-gi-2-300x157.jpg 300w, https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/rbac-va-abac-trong-tai-chinh-la-gi-2-768x402.jpg 768w, https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/rbac-va-abac-trong-tai-chinh-la-gi-2-18x9.jpg 18w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption id=\"caption-attachment-999979461\" class=\"wp-caption-text\">RBAC (Role-Based Access Control) is an authorization model in which users are assigned roles, and each role determines what that person can do in the system.<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Uu_diem_cua_RBAC\"><\/span><b>Advantages of RBAC<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">RBAC is suitable for most businesses that are new to implementing financial controls, for the following 
reasons:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Easy to audit: \u201cwho is authorized to do what, on what data?\u201d A clear audit trail makes it easy to prove compliance.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Easy onboarding\/offboarding of personnel, with no need to set permissions manually.<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">New employee \u2192 assign role \u2192 use immediately<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Employee leaves \u2192 remove role \u2192 all privileges removed<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">Enhanced Separation of Duties (SoD): RBAC helps enforce SoD in financial processes and reduces the risk of internal fraud.\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\">The person creating the document cannot approve it themselves.<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\">The checker cannot also make the payment.<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\">The vendor creator cannot approve the vendor themselves.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Han_che_cua_RBAC\"><\/span><b>Limitations of RBAC<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Although simple and effective, RBAC still has many limitations when businesses expand \u2013 especially multi-company, multi-branch, multi-cost-center businesses.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Role explosion \u2013 the number of roles grows rapidly.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">For example, if a business has 5 departments and 4 levels of approval limits, RBAC must create more than <\/span><b>20 different roles<\/b><span style=\"font-weight: 400;\">. The larger the RBAC, the harder it is to maintain.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Complex logic is not supported.<\/span><\/li>\n<\/ul>\n<p>RBAC is insufficient for dynamic rules such as:<\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\">Approval by limit (e.g. &lt;30M at Department Head level, &lt;100M at Director level)<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">Approval by department\/budget<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">Approval by document type (Capex vs Opex, PO vs Non-PO)<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">Approval by location\/branch<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">Approval by brand or project<\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Because RBAC only manages by \u201crole\u201d, it does not consider the actual data of the document.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Not optimal for multi-entity businesses<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">A business with multiple subsidiaries needs permissions such that:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The AP Maker of company A cannot view company B&#039;s invoices.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Brand manager X is not allowed to review brand Y&#039;s budget.<\/span><\/li>\n<\/ul>\n<p>Pure RBAC is context-insensitive, which can lead to data exposure.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Khac_nhau_giua_RBAC_va_ABAC_trong_tai_chinh_la_gi\"><\/span><b>What is the difference between RBAC and ABAC in finance?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The table below summarizes the core differences between RBAC (Role-Based Access 
Control) and ABAC (Attribute-Based Access Control), based on the actual needs of the finance and accounting department.<\/span><\/p>\n<table style=\"width: 100%; height: 264px;\">\n<tbody>\n<tr style=\"height: 24px;\">\n<td style=\"height: 24px;\"><b>Criteria<\/b><\/td>\n<td style=\"height: 24px;\"><b>RBAC<\/b><\/td>\n<td style=\"height: 24px;\"><b>ABAC<\/b><\/td>\n<\/tr>\n<tr style=\"height: 24px;\">\n<td style=\"height: 24px;\"><b>How to grant permissions<\/b><\/td>\n<td style=\"height: 24px;\">Based on a fixed role.<\/td>\n<td style=\"height: 24px;\">Based on dynamic attributes (user \u2013 document \u2013 context)<\/td>\n<\/tr>\n<tr style=\"height: 24px;\">\n<td style=\"height: 24px;\"><b>Level of flexibility<\/b><\/td>\n<td style=\"height: 24px;\">Average \u2013 suitable for processes with few variations<\/td>\n<td style=\"height: 24px;\">Very high \u2013 meets complex approval logic and multiple conditions<\/td>\n<\/tr>\n<tr style=\"height: 48px;\">\n<td style=\"height: 48px;\"><b>Suitable for this type of business<\/b><\/td>\n<td style=\"height: 48px;\">Small and medium-sized enterprises, simple processes, not too many approval levels.<\/td>\n<td style=\"height: 48px;\">Large enterprise, multiple branches, multiple legal entities, multiple cost centers &amp; brands<\/td>\n<\/tr>\n<tr style=\"height: 48px;\">\n<td style=\"height: 48px;\"><b>Risk control<\/b><\/td>\n<td style=\"height: 48px;\">Good for Separation of Duties (SoD)<\/td>\n<td style=\"height: 48px;\">Excellent for multi-level control, limits, budgets, vendor risk\u2026<\/td>\n<\/tr>\n<tr style=\"height: 24px;\">\n<td style=\"height: 24px;\"><b>System Administration<\/b><\/td>\n<td style=\"height: 24px;\">Easy \u2013 role-based management<\/td>\n<td style=\"height: 24px;\">Complex \u2013 need governance, policy engine<\/td>\n<\/tr>\n<tr style=\"height: 48px;\">\n<td style=\"height: 48px;\"><b>Scalability as the business grows<\/b><\/td>\n<td style=\"height: 48px;\">Limitations (Role 
Explosion)<\/td>\n<td style=\"height: 48px;\">Very good \u2013 only expands by attribute<\/td>\n<\/tr>\n<tr style=\"height: 24px;\">\n<td style=\"height: 24px;\"><b>Popular applications<\/b><\/td>\n<td style=\"height: 24px;\">Traditional <a href=\"https:\/\/bizzi.vn\/erp-la-gi-phan-mem-erp-mang-lai-loi-ich-gi-cho-doanh-nghiep\/\">ERP<\/a>, HRM, small systems<\/td>\n<td style=\"height: 24px;\">Modern ERP, AP Automation, Treasury, EPM, Workflow engine<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<figure id=\"attachment_999979460\" aria-describedby=\"caption-attachment-999979460\" style=\"width: 1024px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"wp-image-999979460 size-full\" src=\"https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/rbac-va-abac-trong-tai-chinh-la-gi-1.webp\" alt=\"rbac and abac in finance 1\" width=\"1024\" height=\"625\" title=\"\" srcset=\"https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/rbac-va-abac-trong-tai-chinh-la-gi-1.webp 1024w, https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/rbac-va-abac-trong-tai-chinh-la-gi-1-300x183.webp 300w, https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/rbac-va-abac-trong-tai-chinh-la-gi-1-768x469.webp 768w, https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/rbac-va-abac-trong-tai-chinh-la-gi-1-18x12.webp 18w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption id=\"caption-attachment-999979460\" class=\"wp-caption-text\">In finance and accounting, applying RBAC\/ABAC is not only a \u201cbest practice\u201d, but also a mandatory requirement for safe and efficient operations as the business grows.<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Ung_dung_RBAC_va_ABAC_trong_tai_chinh_%E2%80%93_ke_toan\"><\/span><b>Applications of RBAC and ABAC in finance and accounting<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">In finance and accounting, every transaction involves money, compliance, risk, and sensitive data. 
Therefore, applying RBAC\/ABAC is not only a \u201cbest practice\u201d, but also a mandatory requirement for safe and efficient operations as the business grows.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Accounts_Payable_AP_%E2%80%93_P2P\"><\/span><b>Accounts Payable (AP) \u2013 P2P<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">RBAC in AP is used to separate tasks and ensure SoD:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>AP Maker<\/b><span style=\"font-weight: 400;\"> \u2192 Create PR\/PO, enter invoice.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>AP Checker<\/b><span style=\"font-weight: 400;\"> \u2192 Verify validity, compare PO\u2013GR\u2013Invoice.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Approver<\/b><span style=\"font-weight: 400;\"> \u2192 Approve payment.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Treasury<\/b><span style=\"font-weight: 400;\"> \u2192 Make the payment.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">RBAC guarantees that <\/span><i><span style=\"font-weight: 400;\">creators cannot self-approve and approvers cannot self-pay<\/span><\/i><span style=\"font-weight: 400;\">.<\/span><\/p>\n<h4><span class=\"ez-toc-section\" id=\"ABAC_trong_AP_dung_de_xu_ly_quy_tac_phuc_tap_theo_ngan_sach_%E2%80%93_cost_center_%E2%80%93_han_muc\"><\/span><span style=\"font-weight: 400;\">ABAC in AP is used to handle complex rules based on budget \u2013 cost center \u2013 limits:<\/span><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Marketing Managers can only approve 
<\/span><b>&lt; 50 million<\/b><span style=\"font-weight: 400;\"> for marketing costs.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Controller approves if <\/span><b>vendor risk = high<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">CFO approves if <\/span><b>Invoice &gt; 200 million<\/b><span style=\"font-weight: 400;\"> or the departmental budget is exceeded.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">AP staff only see invoices belonging to <\/span><b>Company A<\/b><span style=\"font-weight: 400;\"> (attribute = company).<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">ABAC helps P2P systems automatically select the right reviewer \u2192 fewer errors, higher compliance.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Accounts_Receivable_AR_%E2%80%93_O2C\"><\/span><b>Accounts Receivable (AR) \u2013 O2C<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">RBAC in AR is clearly separated to prevent fraudulent write-offs\/reductions of receivables.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Sales Admin<\/b><span style=\"font-weight: 400;\"> \u2192 create invoice.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>AR Officer<\/b><span style=\"font-weight: 400;\"> \u2192 record cash receipts \u2013 reconcile.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>AR Manager<\/b><span style=\"font-weight: 400;\"> \u2192 approve debt adjustments.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">ABAC in AR operates more transparently \u2013 reducing the risk of data manipulation.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Only the AR officer responsible for the <\/span><b>Southern region<\/b><span style=\"font-weight: 400;\"> can view 
accounts receivable in Southern Vietnam.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Only allow debt adjustments if the <\/span><b>invoice is not yet confirmed<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Automatically escalate to the Finance Manager when <\/span><b>DSO exceeds 45 days<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Only the CEO can view aggregated AR reports by brand\/company.<\/span><\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Treasury\"><\/span><b>Treasury<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">RBAC in Treasury:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Separate: <\/span><b>cash forecaster \u2013 payment maker \u2013 payment approver \u2013 reconciler<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Minimize the risk of transferring money incorrectly or fraudulently.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">ABAC in Treasury protects a company&#039;s cash reserves with dynamic risk-based policies.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Payment limits are based on <\/span><b>type of cost<\/b><span style=\"font-weight: 400;\">, <\/span><b>currency<\/b><span style=\"font-weight: 400;\">, <\/span><b>account level<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Payments exceeding 500 million VND require 
<\/span><b>2 approvers<\/b><span style=\"font-weight: 400;\"> and must be from <\/span><b>Company IP\/VPN<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Only the Treasury department views the cash flow details for each account; the CFO views the consolidated results.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Control international transactions based on risk criteria (country risk score).<\/span><\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Ke_toan_tong_hop_%E2%80%93_R2R_%E2%80%93_Dong_ky_Closing\"><\/span><b>General Accounting \u2013 R2R \u2013 Closing<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">RBAC in R2R<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Company A&#039;s accountant only records company A&#039;s journal.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">General accountants review and consolidate data.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Controller\/Chief Accountant approves adjusting entries.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">ABAC in R2R<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Only allow journal posts if <\/span><b>sub-ledger reconciled<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Do not allow editing of data after <\/span><b>locked period<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Separate the right to view salary by <\/span><b>department<\/b><span style=\"font-weight: 400;\"> and <\/span><b>Sensitivity 
attribute<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Policy: Journal &gt; 200 million \u2192 require CFO approval.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">This ensures a transparent closing process and reduces end-of-period discrepancies.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"FP_A_%E2%80%93_Bao_cao_Ngan_sach\"><\/span><b>FP&amp;A \u2013 Reporting &amp; Budgeting<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">RBAC in FP&amp;A:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">FP&amp;A Analyst views data by assigned legal entity.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The FP&amp;A Manager reviews the entire budget and forecast.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The CFO sees the consolidated view across the entire corporation.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">ABAC in FP&amp;A helps companies secure sensitive data &amp; control budgets accurately.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Data viewing permissions by <\/span><b>cost center<\/b><span style=\"font-weight: 400;\">, <\/span><b>project<\/b><span style=\"font-weight: 400;\">, <\/span><b>brand<\/b><span style=\"font-weight: 400;\">, <\/span><b>region<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Departments can only view their own budget.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Conditional budget overrun alert: \u201cIf spend &gt; 110% budget \u2192 send notification to Controller\u201d.<\/span><\/li>\n<li style=\"font-weight: 400;\" 
aria-level=\"1\"><span style=\"font-weight: 400;\">Only allow budget file download when user access from internal VPN.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Filter payroll data by sensitivity \u2192 only HR and CFO can view full details.<\/span><\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Cong_nghe_ho_tro_RBAC_va_ABAC_trong_tai_chinh_la_gi\"><\/span><b>What is the technology that supports RBAC and ABAC in finance?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">RBAC and ABAC are not just &quot;decentralization models,&quot; but the backbone of financial control. However, businesses cannot implement them effectively without technological support. Below are some technology solutions to support RBAC &amp; ABAC.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"He_thong_ERP\"><\/span><b>ERP system<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>SAP \/ Oracle \/ Dynamics 365<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">It provides a very powerful RBAC, allowing for detailed role assignment by module (AP, AR, GL, Asset, etc.).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ABAC support through <\/span><b>Policy Engine<\/b><span style=\"font-weight: 400;\"> or <\/span><b>BRF+ (Business Rule Framework)<\/b><span style=\"font-weight: 400;\"> \u2192 can create rules by limit, cost center, project, and document type.<\/span><\/li>\n<\/ul>\n<p><b>Odoo \/ MISA \/ BRAVO \/ FAST<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Mainly based on traditional RBAC.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Not flexible enough for businesses with multi-tiered, multi-company, or complex budget approval processes.<\/span><\/li>\n<\/ul>\n<h3><span 
class=\"ez-toc-section\" id=\"IAM_%E2%80%93_Identity_Access_Management\"><\/span><b>IAM \u2013 Identity &amp; Access Management<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Platforms like <\/span><b>Azure AD, Okta, Auth0<\/b><span style=\"font-weight: 400;\"> provide:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>SSO<\/b><span style=\"font-weight: 400;\">: 1 account with full access to ERP, AP Automation, Treasury, and EPM.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>MFA<\/b><span style=\"font-weight: 400;\">: Increase security for sensitive tasks like payment approvals.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Conditional Access (ABAC)<\/b><span style=\"font-weight: 400;\">: limit access by device, IP, time, location.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">IAM acts as a \u201cbackground layer\u201d for RBAC\/ABAC, helping to synchronize permissions between multiple financial systems.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"APAR_Automation\"><\/span><b>AP\/AR Automation<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Modern AP\/AR Automation solutions (e.g. 
Bizzi IPA, Tipalti, Coupa, Airbase) should have:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">RBAC<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Maps the available roles: AP Maker, Checker, Approver, Treasurer, CFO.<\/span><\/li>\n<\/ul>\n<p><b>ABAC<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The Policy Engine supports rules according to:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Approval limit<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Departmental Budget \/ Cost Center<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Type of document<\/b><span style=\"font-weight: 400;\"> (invoice, PO, expense claim).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Vendor Risk \/ Payment Risk<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Project, contract, and workflow specifics<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Multi-level Approval<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Reviewers are identified automatically by rule \u2192 no need to create 20\u201330 roles as in traditional RBAC.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Cost Center-Based Access<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Employees only see data within their department.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">CFO\/FP&amp;A can view cross-company or consolidated data.<\/span><\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Audit_Logging_%E2%80%93_Bat_buoc_cho_tai_chinh\"><\/span><b>Audit Logging \u2013 Mandatory for Finance<\/b><span 
class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">To support internal and independent audits, the system needs detailed logs:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Who sees what data?<\/b><span style=\"font-weight: 400;\"> (Data Access Log)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Who edited the documents?<\/b><span style=\"font-weight: 400;\"> (Change Log)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Who approves over-limit spending?<\/b><span style=\"font-weight: 400;\"> (Approval Exception Log)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Who creates, deletes, and updates vendors?<\/b><span style=\"font-weight: 400;\"> (Vendor Master Log)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Suspicious login session<\/b><span style=\"font-weight: 400;\"> (Abnormal Access)<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Audit logs are a mandatory component in both RBAC and ABAC for risk control.<\/span><\/p>\n<figure id=\"attachment_999979464\" aria-describedby=\"caption-attachment-999979464\" style=\"width: 1200px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"wp-image-999979464\" src=\"https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/rbac-va-abac-trong-tai-chinh-la-gi-4.webp\" alt=\"rbac and abac in finance are what 4\" width=\"1200\" height=\"582\" title=\"\" srcset=\"https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/rbac-va-abac-trong-tai-chinh-la-gi-4.webp 1454w, https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/rbac-va-abac-trong-tai-chinh-la-gi-4-300x145.webp 300w, https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/rbac-va-abac-trong-tai-chinh-la-gi-4-1024x497.webp 1024w, https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/rbac-va-abac-trong-tai-chinh-la-gi-4-768x372.webp 768w, https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/rbac-va-abac-trong-tai-chinh-la-gi-4-18x9.webp 
18w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><figcaption id=\"caption-attachment-999979464\" class=\"wp-caption-text\">RBAC and ABAC are not just &quot;decentralization models,&quot; but the backbone of financial control. However, businesses cannot implement them effectively without supporting technology.<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Compliance_%E2%80%93_Risk_%E2%80%93_Audit_Vi_sao_RBAC_va_ABAC_trong_tai_chinh_dong_vai_tro_cot_loi\"><\/span><b>Compliance \u2013 Risk \u2013 Audit: Why do RBAC and ABAC play a core role in finance?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">RBAC\/ABAC is not just a decentralization technique, but a foundation for risk control, compliance, and transparency throughout the entire corporate financial system. This is due to the following four pillars:<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"1_Segregation_of_Duties_SoD_Yeu_cau_bat_buoc_trong_tai_chinh\"><\/span><b>1. 
Segregation of Duties (SoD): A mandatory requirement in finance<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">SoD guarantees that <\/span><b>no single individual owns the entire process<\/b><span style=\"font-weight: 400;\">. RBAC\/ABAC helps automate SoD by ensuring that:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The person who <\/span><b>creates<\/b><span style=\"font-weight: 400;\"> an invoice cannot <\/span><b>approve it themselves<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The person who <\/span><b>approves<\/b><span style=\"font-weight: 400;\"> cannot <\/span><b>make the payment themselves<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The person who <\/span><b>updates a vendor<\/b><span style=\"font-weight: 400;\"> cannot create a payment voucher for that vendor.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">SoD = the foundation for reducing the risk of fraud and errors in AP, AR, Treasury, and GL.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"2_Ngan_chan_gian_lan_noi_bo_Internal_Fraud\"><\/span><b>2. 
Prevent Internal Fraud<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">RBAC\/ABAC dramatically reduces the risk of fraud by limiting permissions based on roles + conditions.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cac_loai_gian_lan_pho_bien_trong_tai_chinh\"><\/span><b>Common types of fraud in finance:<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Fake invoices.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Self-approval: self-create \u2013 self-approve \u2013 self-pay.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Bypassing limits: approving large expenses using an unauthorized account.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Vendor manipulation: creating a fictitious vendor and paying it.<\/span><\/li>\n<\/ul>\n<h4><span class=\"ez-toc-section\" id=\"Cach_RBAC_ABAC_ngan_chan\"><\/span><span style=\"font-weight: 400;\">How RBAC + ABAC prevents this:<\/span><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Only the AP Maker role can create invoices, and approval must come from a Checker or Approver.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ABAC blocks approval if the amount &gt; limit or the document is not in the approver&#039;s cost center.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The Treasury only pays amounts that have passed the proper approval process.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Fraud risk is reduced up front, rather than detected after the fact.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"3_Dap_ung_cac_chuan_tuan_thu_kiem_toan\"><\/span><b>3. 
Meet compliance &amp; audit standards<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">International standards require clear, transparent and auditable access controls:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">ISO 27001<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Requires role-based access control + the principle of least privilege.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">RBAC\/ABAC meets the requirement of separation of rights and restriction of access by attributes.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">SOC 2 (Security \u2013 Availability \u2013 Confidentiality)<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Requires a full audit log: who viewed what, who edited what.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ABAC supports rule-based access, reducing the risk of incorrect data access.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">SOX (Sarbanes\u2013Oxley) \u2013 for publicly listed companies<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Access control in AP\/AR\/GL is a mandatory feature.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">RBAC\/ABAC helps establish SoD and approval control \u2192 meets Internal Control over Financial Reporting (ICFR).<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Without an RBAC\/ABAC model, businesses <\/span><b>cannot pass<\/b><span style=\"font-weight: 400;\"> independent or internal audits.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"4_Zero_Trust_Finance_Model\"><\/span><b>4. 
Zero Trust Finance Model<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Zero Trust applied to finance = <\/span><b>&quot;No one is automatically entitled to a right.&quot;<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Principles:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">No override permissions are granted.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Don&#039;t trust someone based on their title.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Rights are only granted when the <\/span><b>appropriate role + attributes + context<\/b><span style=\"font-weight: 400;\"> are all present.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">RBAC + ABAC = the Zero Trust platform in finance:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">RBAC: the \u201cwho does what\u201d framework.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ABAC: conditional control (limits, cost centers, document types, etc.).<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The two models combine to form \u201cLeast Privilege Finance\u201d: everyone only sees and does what they are allowed to.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Vai_tro_cua_Bizzi_trong_trien_khai_RBAC_ABAC_trong_tai_chinh_hien_dai_la_gi\"><\/span><b>What is Bizzi&#039;s role in implementing RBAC &amp; ABAC in modern finance?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Businesses increasingly require tight access control, clear separation of duties, and budget\/limit approvals. 
Bizzi is designed to integrate both RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control) across the entire finance and accounting workflow.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Bizzi not only assigns permissions by role but also manages them by <\/span><b>budget, cost center, limit, project, spending category<\/b><span style=\"font-weight: 400;\">, suitable for the control model of large enterprises.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Bizzi_Expense_%E2%80%93_Phan_quyen_ngan_sach_phe_duyet_chi_tieu\"><\/span><b>Bizzi Expense \u2013 Budget Decentralization &amp; Expense Approval<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">RBAC \u2013 Role-based hierarchy:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Employee \u2192 Department Head \u2192 CFO.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Each role has the right to create - view - approve according to clearly defined regulations.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">ABAC \u2013 Authorization by Financial Attributes:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>By limit<\/b><span style=\"font-weight: 400;\">: The system automatically determines the approval level based on the value of the expense.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>By budget department<\/b><span style=\"font-weight: 400;\">: Only the management level of that department is authorized to approve.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>By type of spending<\/b><span style=\"font-weight: 400;\"> (OPEX\/CAPEX\/Marketing\/Travel\u2026).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Automatically block over-budget spending<\/b><span style=\"font-weight: 400;\"> in real 
time.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Bizzi Expense ensures that all expenses are approved correctly \u2013 within the allocated limit and budget, minimizing the risk of fraud and overspending.<\/span><\/p>\n<figure id=\"attachment_999979448\" aria-describedby=\"caption-attachment-999979448\" style=\"width: 1024px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-999979448 size-full\" src=\"https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/cfo-dashboard-la-gi-5.png\" alt=\"rbac and abac in finance are what 4\" width=\"1024\" height=\"880\" title=\"\" srcset=\"https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/cfo-dashboard-la-gi-5.png 1024w, https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/cfo-dashboard-la-gi-5-300x258.png 300w, https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/cfo-dashboard-la-gi-5-768x660.png 768w, https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/cfo-dashboard-la-gi-5-14x12.png 14w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption id=\"caption-attachment-999979448\" class=\"wp-caption-text\">Bizzi Expense \u2013 Budget Decentralization &amp; Expense Approval<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Bizzi_AP_Automation_%E2%80%93_Kiem_soat_hoa_don_bang_RBAC_ABAC\"><\/span><b>Bizzi AP Automation \u2013 Invoice Control with RBAC + ABAC<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>RBAC \u2013 Separation of Duties in AP:<\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\">Maker \u2192 Checker \u2192 Approver.<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">Ensure SoD (Segregation of Duties) meets audit standards.<\/li>\n<\/ul>\n<p>ABAC \u2013 Attribute-Based Access Management:<\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\">Departmental accountants can only view invoices belonging to their own department (cost center-based access).<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">Block users 
who are not &quot;cost owners&quot;.<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">Block over-budget invoices: neither creation nor approval is allowed.<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">View\/approve depending on vendor risk, document type or invoice value.<\/li>\n<\/ul>\n<p>Bizzi helps businesses maintain AP control according to Internal Control \u2013 ISO \u2013 SOX standards, significantly reducing the risk of fake invoices, incorrect accounts, or unauthorized self-approval.<\/p>\n<figure id=\"attachment_999979414\" aria-describedby=\"caption-attachment-999979414\" style=\"width: 1024px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-999979414 size-full\" src=\"https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/chi-phi-xu-ly-hoa-don-la-gi-6.png\" alt=\"rbac and abac in finance are what 4\" width=\"1024\" height=\"640\" title=\"\" srcset=\"https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/chi-phi-xu-ly-hoa-don-la-gi-6.png 1024w, https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/chi-phi-xu-ly-hoa-don-la-gi-6-300x188.png 300w, https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/chi-phi-xu-ly-hoa-don-la-gi-6-768x480.png 768w, https:\/\/bizzi.vn\/wp-content\/uploads\/2025\/12\/chi-phi-xu-ly-hoa-don-la-gi-6-18x12.png 18w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption id=\"caption-attachment-999979414\" class=\"wp-caption-text\">Bizzi helps businesses significantly reduce the risk of fake invoices, incorrect accounts or unauthorized self-approval.<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Bizzi_ARM_%E2%80%93_Phan_quyen_cong_no_theo_trach_nhiem_va_khach_hang\"><\/span><b>Bizzi ARM \u2013 Receivables authorization by responsibility and customer<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The Bizzi ARM (Accounts Receivable Management) feature \u2013 Accounts Receivable Authorization by Responsibility and Customer \u2013 provides a 
more organized and secure way to manage receivables by limiting access to and manipulation of receivables data based on the specific roles and responsibilities of each employee.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"RBAC\"><\/span><b>RBAC:<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Sales\/Customer Service Staff \u2192 Confirm outstanding debt.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">AR Accounting \u2192 Manage and reconcile.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">CFO \u2192 Track the entire business.<\/span><\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"ABAC_%E2%80%93_Phan_quyen_theo_%E2%80%9Ccustomer_ownership%E2%80%9D\"><\/span><b>ABAC \u2013 Delegation of authority based on \u201ccustomer ownership\u201d:<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\">Employees are only allowed to view accounts receivable from customers under their responsibility.<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">Departments only view debts within their own region\/segment.<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">The CFO and controller see all accounts payable to assess cash flow risk.<\/li>\n<\/ul>\n<p>Bizzi ARM helps businesses avoid situations where employees accidentally access sensitive data, while also increasing transparency in accounts receivable management.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Ket_luan\"><\/span><b>Conclusion<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">That covers the analysis of RBAC and ABAC in finance. 
For small businesses, the RBAC model is enough to control the financial and accounting process because of the simple structure, few departments and few approval layers. However, when the business grows to medium size or larger, the need to control by budget, limit, cost center or type of cost becomes more complicated, making RBAC alone no longer sufficient. At this time, the hybrid model combining RBAC and ABAC is the optimal choice.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For large enterprises with multiple branches, multiple departments, multiple approval processes and strict control requirements, ABAC is almost mandatory to ensure transparency and compliance. Finally, enterprises that prioritize fraud prevention, cash flow transparency and move towards the Zero Trust Finance model should choose financial platforms that integrate both RBAC and ABAC with audit trail \u2013 typically Bizzi \u2013 to operate a more efficient, secure and automated control system.<\/span><\/p>\n<p><strong><em>Register here to receive a customized solution tailored specifically for your business: <a href=\"https:\/\/bizzi.vn\/dang-ky-dung-thu\/\">https:\/\/bizzi.vn\/dang-ky-dung-thu\/<\/a><\/em><\/strong><\/p>","protected":false},"excerpt":{"rendered":"<p>In finance, RBAC (Role-Based Access Control) grants permissions based on job titles (employees, managers), is simple, 
and\u2026<\/p>","protected":false},"author":56,"featured_media":999979463,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"categories":[369,263],"tags":[],"class_list":["post-999979459","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-chuyen-doi-tai-chinh","category-kien-thuc"],"acf":[],"_links":{"self":[{"href":"https:\/\/bizzi.vn\/en\/wp-json\/wp\/v2\/posts\/999979459","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bizzi.vn\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bizzi.vn\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bizzi.vn\/en\/wp-json\/wp\/v2\/users\/56"}],"replies":[{"embeddable":true,"href":"https:\/\/bizzi.vn\/en\/wp-json\/wp\/v2\/comments?post=999979459"}],"version-history":[{"count":4,"href":"https:\/\/bizzi.vn\/en\/wp-json\/wp\/v2\/posts\/999979459\/revisions"}],"predecessor-version":[{"id":999980439,"href":"https:\/\/bizzi.vn\/en\/wp-json\/wp\/v2\/posts\/999979459\/revisions\/999980439"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bizzi.vn\/en\/wp-json\/wp\/v2\/media\/999979463"}],"wp:attachment":[{"href":"https:\/\/bizzi.vn\/en\/wp-json\/wp\/v2\/media?parent=999979459"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bizzi.vn\/en\/wp-json\/wp\/v2\/categories?post=999979459"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bizzi.vn\/en\/wp-json\/wp\/v2\/tags?post=999979459"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}