Role Based Access Control
: Perimeter Security, Information Disclosure
Specifying authorization policies becomes difficult when a system has many users and resources.
How do we reduce the number of individual rights when there are many subjects and objects involved?
Group subjects into roles based on similarities in the duties they perform. Assign the rights to access objects to roles.
Sun’s J2EE, Microsoft’s Windows 2000.
Access Control, Policy, Role
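
The solution above, grouping subjects into roles and assigning rights to the roles, can be sketched as follows. This is an added example, not code from the catalog; the class `RBACPolicy`, its methods, and the teller/auditor sample data are hypothetical names constructed for illustration.

```python
class RBACPolicy:
    """Rights are attached to roles; subjects obtain rights only through roles."""

    def __init__(self):
        self.role_rights = {}    # role -> set of (object, operation)
        self.subject_roles = {}  # subject -> set of roles

    def grant(self, role, obj, operation):
        self.role_rights.setdefault(role, set()).add((obj, operation))

    def assign(self, subject, role):
        if role not in self.role_rights:
            raise KeyError(f"unknown role: {role}")
        self.subject_roles.setdefault(subject, set()).add(role)

    def revoke(self, subject, role):
        self.subject_roles.get(subject, set()).discard(role)

    def is_allowed(self, subject, obj, operation):
        # Default deny: unknown subjects and ungranted rights yield False.
        return any((obj, operation) in self.role_rights[r]
                   for r in self.subject_roles.get(subject, ()))

    def entry_count(self):
        # Policy entries an administrator maintains: role rights + assignments.
        return (sum(len(v) for v in self.role_rights.values())
                + sum(len(v) for v in self.subject_roles.values()))

    def expanded_acl(self):
        # Equivalent per-subject rights list, i.e. what the pattern avoids.
        return {(s, o, op) for s, roles in self.subject_roles.items()
                for r in roles for (o, op) in self.role_rights[r]}


def build_sample_policy():
    # Constructed sample: 40 tellers, 5 auditors, 20 account objects.
    policy = RBACPolicy()
    for acct in (f"account-{i}" for i in range(20)):
        policy.grant("teller", acct, "read")
        policy.grant("teller", acct, "update")
        policy.grant("auditor", acct, "read")
    for i in range(40):
        policy.assign(f"teller-{i}", "teller")
    for i in range(5):
        policy.assign(f"auditor-{i}", "auditor")
    return policy
```

With this constructed sample the role-based policy holds 105 entries, while the equivalent per-subject rights list holds 1700; removing one subject's duties is a single `revoke` call rather than 40 individual deletions.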
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz