34,333
edits
Changes
→Role Based Access Control
Essentially, RBAC assigns permissions to particular roles in an organization. Users are then assigned to that particular role. For example, an accountant in a company will be assigned to the ''Accountant'' role, gaining access to all the resources permitted for all accountants on the system. Similarly, a software engineer might be assigned to the ''developer'' role.
Roles differ from ''groups'' in that users while users may belong to multiple groups, a user under RBAC may only be assigned a single role in an organization. Additionally, there is no way to provide individual users additional permissions over and above those available for their role. The accountant described above gets the same permissions as all other accountants, nothing more and nothing less.
== Rule Based Access Control ==
