



Role Based Access Control


Classification Key: Perimeter Security, Information Disclosure

Problem

Specifying authorization policies becomes difficult when a system has many users and resources. How do we reduce the number of individual rights when many subjects and objects are involved?

Solution

Group subjects into roles based on similarities in the duties they perform. Assign the rights to access objects to roles.
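
A small sketch of the Solution above, added here as an illustration and not taken from the catalog or its source book: subjects map to roles, rights attach to roles, and the access check denies by default. All subjects, roles, objects and operations are constructed sample data; the size comparison shows how many policy entries the role indirection saves over listing rights per subject.

```python
# Added illustration of the pattern; every name and value below is constructed.

# subject -> roles held (20 tellers plus three other staff members)
ROLE_OF = {f"teller{i:02d}": {"teller"} for i in range(1, 21)}
ROLE_OF.update({
    "carol": {"teller", "auditor"},
    "dave": {"auditor"},
    "erin": {"manager"},
})

# role -> rights, each right being an (object, operation) pair
ROLE_RIGHTS = {
    "teller": {("account", "read"), ("account", "credit"), ("account", "debit")},
    "auditor": {("account", "read"), ("ledger", "read")},
    "manager": {("account", "read"), ("ledger", "read"), ("ledger", "close")},
}


def is_authorized(subject, obj, operation):
    """Deny by default: allow only if one of the subject's roles holds the right."""
    return any((obj, operation) in ROLE_RIGHTS.get(role, set())
               for role in ROLE_OF.get(subject, set()))


def flatten_to_direct_rights():
    """Expand the role policy into the equivalent per-subject list of rights."""
    return {(subject, obj, op)
            for subject, roles in ROLE_OF.items()
            for role in roles
            for (obj, op) in ROLE_RIGHTS.get(role, set())}


def policy_sizes():
    """Return (entries when rights are listed per subject, entries with roles)."""
    direct = len(flatten_to_direct_rights())
    with_roles = (sum(len(roles) for roles in ROLE_OF.values())
                  + sum(len(rights) for rights in ROLE_RIGHTS.values()))
    return direct, with_roles


def subjects_affected_by(role):
    """Subjects whose access changes when a single right of `role` is edited."""
    return sorted(s for s, roles in ROLE_OF.items() if role in roles)


if __name__ == "__main__":
    print(is_authorized("teller07", "account", "debit"))   # role grants it
    print(is_authorized("teller07", "ledger", "read"))     # no role grants it
    print(policy_sizes())
    print(len(subjects_affected_by("teller")))
```
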

Known Uses

Sun’s J2EE, Microsoft’s Windows 2000.

Related Patterns

Authorization

Source

Wiley Book

Tags

Access Control, Policy, Role


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz