Role-based access control (RBAC) is the dominant access control pattern for customer portals. Instead of granting permissions per user (which doesn’t scale), permissions are grouped into roles (e.g., “Admin,” “Manager,” “Viewer,” “Auditor”), and users are assigned one or more roles.
For multi-tenant B2B portals, RBAC often combines with tenant-scoped permissions — a user is an Admin within their organization but has no visibility into other organizations.
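A tenant-scoped role check as described above, written as an added example rather than code from any particular portal. The role names come from the text; the permission strings, tenant names, users and the `is_allowed` and `visible` helpers are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Role -> permissions. Role names are from the text; permission strings are constructed.
ROLE_PERMISSIONS = {
    "Admin":   {"user:invite", "invoice:read", "invoice:write", "audit:read"},
    "Manager": {"invoice:read", "invoice:write"},
    "Viewer":  {"invoice:read"},
    "Auditor": {"invoice:read", "audit:read"},
}

@dataclass(frozen=True)
class Resource:
    tenant_id: str   # the organization that owns the object
    ident: str

@dataclass
class User:
    user_id: str
    # tenant_id -> set of roles held in that tenant only (never a global role list)
    memberships: dict = field(default_factory=dict)

def is_allowed(user, permission, resource):
    """Deny by default: grant only if a role the user holds in the
    resource's own tenant carries the requested permission."""
    roles = user.memberships.get(resource.tenant_id, set())
    # Unknown role names map to an empty permission set instead of raising.
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in roles)

def visible(user, permission, resources):
    """Filter a listing so objects owned by other tenants never reach the caller."""
    return [r for r in resources if is_allowed(user, permission, r)]

# Constructed sample data: two tenants, one invoice each.
alice = User("alice", {"acme": {"Admin"}})
bob = User("bob", {"acme": {"Viewer"}, "globex": {"Manager", "Auditor"}})
INVOICES = [Resource("acme", "inv-1"), Resource("globex", "inv-2")]

if __name__ == "__main__":
    for u in (alice, bob):
        for inv in INVOICES:
            for perm in ("invoice:read", "invoice:write"):
                print(u.user_id, perm, inv.tenant_id, is_allowed(u, perm, inv))
```

Because roles are looked up by the resource's tenant, an Admin in one organization gets no implicit access anywhere else, and a user with roles in several organizations is evaluated separately in each.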
See Role-Based Access Control for implementation patterns.