The Sarbanes-Oxley Act establishes a set of requirements for financial systems, to deter fraud and increase corporate accountability. For information technology systems, regulators may need to know who used a system, when they logged in and out, what accesses or modifications were made to what files, and what authorizations were in effect. IT vendors responding to Sarbanes-Oxley (SOX) requirements have adopted RBAC as central to compliance solutions because RBAC was designed to solve this type of problem.
Sarbanes-Oxley Act of 2002 and Impact on the IT Auditor, IT Knowledgebase - comprehensive introduction to Sarbanes-Oxley requirements
Security and Privacy: access control