About This Architecture
This Role-Based Access Control (RBAC) architecture enforces the principle of least privilege through identity verification, token issuance, and policy-driven authorization. Admin and Normal users authenticate via a centralized Authentication Service, receive JWT or session tokens, and are routed through a Policy Engine that evaluates role, resource, and action before access is granted. Admin users gain full CRUD access to all system data via Admin API Endpoints, while Normal users are restricted to read/write operations on their own data through User API Endpoints, with row-level security enforced at the database layer. The architecture shows how to implement fine-grained access control, minimize blast radius, and prevent privilege escalation by separating authentication from authorization and enforcing permissions at both the API Gateway and the database layer.

Fork this diagram on Diagrams.so to customize role definitions, add user tiers, or integrate with your identity provider. Consider adding audit logging and multi-factor authentication checkpoints to strengthen the security posture.
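The pipeline described above, as an added example that is not part of the Diagrams.so page or its diagram: an Authentication Service that checks credentials and issues a signed HS256-style token, a gateway step that verifies signature and expiry, and a Policy Engine that evaluates (role, resource, action) and then applies a row-ownership check standing in for database row-level security. The user directory, policy table, rows, signing key and resource names are all constructed for the demo; a real deployment would use a proper JWT library, a slow password KDF and a secret store.

```python
"""Added example (not from the original page): authentication -> token ->
policy engine -> row-level check, using only the Python standard library."""
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; assumption: a real service loads this from a secret store.
SIGNING_KEY = b"constructed-demo-signing-key"


def hash_pw(password: str, salt: bytes) -> str:
    # Salted SHA-256 is used only to keep the demo short; prefer argon2/scrypt in practice.
    return hashlib.sha256(salt + password.encode()).hexdigest()


# Constructed identity store: username -> salted password hash and role.
USERS = {
    "alice": {"salt": b"s1", "pw": hash_pw("alice-pass", b"s1"), "role": "admin"},
    "bob":   {"salt": b"s2", "pw": hash_pw("bob-pass", b"s2"),   "role": "user"},
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def authenticate(username: str, password: str, now=None, ttl: int = 300):
    """Authentication Service: verify credentials, return a signed token or None."""
    rec = USERS.get(username)
    if rec is None or not hmac.compare_digest(rec["pw"], hash_pw(password, rec["salt"])):
        return None
    now = int(time.time()) if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(
        {"sub": username, "role": rec["role"], "exp": now + ttl}).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_token(token: str, now=None):
    """Gateway step: check signature and expiry; return the claims or None."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return None  # tampered payload or header: the role claim cannot be trusted
    claims = json.loads(b64url_decode(payload))
    now = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= now:
        return None
    return claims


# Constructed policy: role -> resource -> allowed actions; "*" means every resource.
POLICY = {
    "admin": {"*": {"create", "read", "update", "delete"}},
    "user":  {"profile": {"read", "update"}, "orders": {"create", "read"}},
}

# Constructed rows with an owner column; the ownership check mirrors a DB RLS policy.
ROWS = {
    ("profile", 1): {"owner": "alice"},
    ("profile", 2): {"owner": "bob"},
    ("orders", 10): {"owner": "bob"},
    ("orders", 11): {"owner": "alice"},
}


def authorize(claims: dict, resource: str, action: str, row_id=None) -> bool:
    """Policy Engine: role/resource/action check, then row ownership for non-admins."""
    role_policy = POLICY.get(claims.get("role"), {})
    allowed = role_policy.get("*") or role_policy.get(resource, set())
    if action not in allowed:
        return False
    if "*" in role_policy:
        return True  # admin: full CRUD on all rows
    if row_id is None:
        return action == "create"  # new row has no owner yet; only creation is sensible
    row = ROWS.get((resource, row_id))
    return row is not None and row["owner"] == claims["sub"]


def request(token: str, resource: str, action: str, row_id=None, now=None) -> str:
    """API Gateway: authenticate the token, then ask the policy engine."""
    claims = verify_token(token, now)
    if claims is None:
        return "deny: unauthenticated"
    return "allow" if authorize(claims, resource, action, row_id) else "deny: forbidden"


if __name__ == "__main__":
    bob = authenticate("bob", "bob-pass")
    print(request(bob, "profile", "update", 2))   # own row
    print(request(bob, "profile", "update", 1))   # someone else's row
```

The two checks are deliberately separate functions: `verify_token` answers "who is this?" and `authorize` answers "may they do this?", which is the authentication/authorization split the diagram describes. Because the role lives in a signed claim, editing the payload to say `admin` invalidates the signature and is rejected before the policy engine ever runs; an ownership mismatch is rejected afterwards, at the row level.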