Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What's the difference between groups and roles?

Tags:

terminology

A lot of identity management implementations use roles in addition to groups. How are they different? So far I haven't found a compelling use case for separating the two. All the explanations I've read are vague and hand-wavey.

Can you give a good example where having roles and groups are necessary?

like image 204
Alex B Avatar asked Sep 24 '10 07:09

Alex B

People also ask

What is the difference between roles and groups?

A group is a collection of users with a given set of permissions assigned to the group (and transitively, to the users). A role is a collection of permissions, and a user effectively inherits those permissions when he acts under that role.

What is group and role membership?

Groups and Roles. Groups and roles can simplify control of database access. Groups are used to apply permissions to a list of users, while roles are used to associate subject privileges and permissions with an application.

What is the difference between role and group in Documentum?

Groups are used for object permissions; roles are used for application or function permissions.

What is group and role in ServiceNow?

Groups are collections of users who need the same permissions and are a shortcut way of assigning roles to users. For example, a System Administrator might create a Human Resources group or a Network group. Rather than adding a role individually to each user, System Administrators assign roles to groups.

1 Answers

Person - Group - Roles

  • A person is a member of one or more groups.
  • A group is assigned multiple roles.

Example:

  • Two roles exist in a system stock_purchaser, timecard_supervisor.
  • Two groups exist in a system shift_supervisor, regional_manager.
  • regional_manager has the stock_purchaser and timecard_supervisor role.
  • shift_supervisor has the timecard_supervisor role.

In the event a new role (e.g. review_leave_requests) is created - this can be added to all those groups who require this role. In a system only having roles it may be a laborious task adding the role to all people that require it.

like image 179
Dale Reidy Avatar answered Nov 05 '22 12:11

Dale Reidy
Sign in to Comment

Related questions

The term "haystack" in the context of PHP
What does 'seeding' mean?
what is the difference between distributed computing, microservice and parallel computing
Eteration - explanation and example
what does shutil (in Python) mean? [closed]
What does the X in JAX-RS Stand For? [closed]
Is it webservice or web service? [closed]
What are ports in networking? [closed]
Python: Stacktrace vs Traceback
What is ABI(Application Binary Interface)?
Is there a single word meaning 'not null'?
Any difference between Lazy evaluation and Short-circuit evaluation?
What do you call the data wrapped inside a monad?
Panning, exact definition
Is the term "method" defined by the C++ Standard?
What is shotgun/voodoo programming?
Another word for Business Logic?
What does "bulk load" mean?
In source-control terminology what is a spike?
What is the difference between iteration and traversing?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!