RBAC is supported using OPA layer. OPA and Envoy as sidecars in backend microservices provide RBAC to APIs by checking user roles from the authentication token.
{% embed url="https://project-sunbird.atlassian.net/wiki/spaces/~900520377/pages/2117140485/RBAC+Technical+Design" %} RBAC Design with Respect UserOrg {% endembed %}
{% embed url="https://project-sunbird.atlassian.net/wiki/spaces/DevOps/pages/2849308673/RBAC+on+Sunbird" %} RBAC Design from Devops {% endembed %}
{% embed url="https://github.com/project-sunbird/sunbird-devops/tree/master/kubernetes/opa" %} RBAC configurations {% endembed %}