What is a Role?
A role is simply a collection of permissions. If a user assumes a role, they can take any of the actions associated with those permissions.
An example might be an admin role. Usually, admins are able to do the most because they have more permissions.
Roles, in some respects, function similarly to groups. Both have a set of permissions attached to them. However, a role is used more dynamically; users assume different roles, but typically don’t change groups. Once a user is added to a group, they typically retain that identity.
Although groups can function as roles, they are more than just a bundle of permissions. Groups tend to correlate with the structure of an organization and are often named after departments (e.g. Engineering, Sales, Marketing).
In true role-based access control, roles are mutually exclusive, while in a group-based system, permissions are additive. AWS demonstrates mutually exclusive roles: you can only assume one role at a time, which means you have to switch roles depending on what you need access to.
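The difference between additive group permissions and one-role-at-a-time sessions, as an added example that is not part of the original page. The group names come from the text; the role names, permission strings and class names are constructed for illustration.

```python
# Constructed sample data: permission strings and role names are hypothetical.
GROUP_PERMS = {
    "Engineering": {"repo:read", "repo:write"},
    "Sales": {"crm:read", "crm:write"},
}
ROLE_PERMS = {
    "deployer": {"repo:read", "deploy:run"},
    "auditor": {"logs:read", "crm:read"},
}


class GroupUser:
    """Group-based model: memberships persist and permissions are additive."""
    def __init__(self, groups):
        self.groups = set(groups)

    def effective_permissions(self):
        # Union of every group's permissions, all held at the same time.
        return set().union(*(GROUP_PERMS[g] for g in self.groups))

    def can(self, action):
        return action in self.effective_permissions()


class RoleSession:
    """Role-based model as described above: exactly one active role."""
    def __init__(self, name, assumable_roles):
        self.name = name
        self.assumable = set(assumable_roles)
        self.active = None

    def assume(self, role):
        if role not in self.assumable:
            raise PermissionError(f"{self.name} may not assume {role}")
        self.active = role  # replaces the previous role, never adds to it

    def effective_permissions(self):
        return set(ROLE_PERMS[self.active]) if self.active else set()

    def can(self, action):
        return action in self.effective_permissions()


def demo():
    alice = GroupUser(["Engineering", "Sales"])
    bob = RoleSession("bob", ["deployer", "auditor"])
    bob.assume("deployer")
    as_deployer = bob.effective_permissions()
    bob.assume("auditor")  # switching drops the deployer permissions
    return alice.effective_permissions(), as_deployer, bob.effective_permissions()
```

The group member holds both departments' permissions at once, while the session holds only what its current role grants, so a compromised session exposes one role's permissions rather than the union.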