Roles

What is a Role?

A role is simply a collection of permissions. If a user assumes a role, they can take any of the actions associated with those permissions.

An example is an admin role. Admins can usually do the most because their role carries more permissions.

In some respects, a role works like a group: both have a set of permissions attached to them. However, a role is used more dynamically. Users assume different roles, but typically don’t change groups. Once a user is added to a group, they generally retain that identity.

Although groups can function as roles, they are more than just a bundle of permissions. Groups tend to mirror the structure of an organization and are often named after departments (e.g. Engineering, Sales, Marketing).

In true role-based access control, roles are mutually exclusive, while in a group-based system, permissions are additive. AWS demonstrates mutually exclusive roles: you can only assume one role at a time, which means you have to switch roles depending on what you need access to.
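The difference between additive group permissions and one-role-at-a-time sessions can be modeled in a few lines. This is an added example, not Opal's code and not the AWS API; the group names, role names and permission strings are constructed for illustration.

```python
# Constructed sample data: names and permission strings are illustrative only.
GROUPS = {
    "Engineering": {"repo:read", "repo:write", "ci:run"},
    "Sales": {"crm:read", "crm:write"},
}
ROLES = {
    "developer": {"repo:read", "repo:write", "ci:run"},
    "prod-admin": {"db:read", "db:write", "deploy:prod"},
    "auditor": {"db:read", "logs:read"},
}


def group_permissions(memberships):
    """Group-based model: permissions from every group are additive (union)."""
    perms = set()
    for group in memberships:
        perms |= GROUPS[group]
    return perms


class Session:
    """Role-based model: exactly one active role; switching replaces it."""

    def __init__(self, user, assumable_roles):
        self.user = user
        self.assumable = set(assumable_roles)  # roles this user may assume
        self.active_role = None
        self.history = []  # audit trail of (previous_role, new_role) switches

    def assume_role(self, role):
        if role not in self.assumable:
            raise PermissionError(f"{self.user} may not assume {role}")
        self.history.append((self.active_role, role))
        self.active_role = role  # the previous role's permissions are dropped

    def permissions(self):
        return set(ROLES[self.active_role]) if self.active_role else set()

    def can(self, action):
        return action in self.permissions()


def demo():
    """Return what one session can do before and after switching roles."""
    s = Session("alice", ["developer", "prod-admin"])
    s.assume_role("developer")
    before = s.can("deploy:prod")
    s.assume_role("prod-admin")
    return before, s.can("deploy:prod"), s.can("repo:write")
```

A session holding `developer` cannot deploy to production until it switches, and after switching it can no longer write to the repository, whereas the group model grants the union of every membership at all times.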

About Opal:

Opal is the unified identity platform for modern enterprises. Opal aggregates identity and access data to provide visibility and defense-in-depth infrastructure for mission-critical systems. With the product, enterprises can discover anomalous identity risks and remediate them in minutes. The world's best companies trust Opal to govern and adapt sensitive access.