A lot of identity management implementations use roles in addition to groups. How are they different? So far I haven't found a compelling use case for separating the two. All the explanations I've read are vague and hand-wavy.
Can you give a good example where having both roles and groups is necessary?
A group is a collection of users with a given set of permissions assigned to the group (and transitively, to the users). A role is a collection of permissions, and a user effectively inherits those permissions when he acts under that role.
Groups and Roles. Groups and roles can simplify control of database access. Groups are used to apply permissions to a list of users, while roles are used to associate subject privileges and permissions with an application.
Groups are used for object permissions; roles are used for application or function permissions.
Groups are collections of users who need the same permissions and are a shortcut way of assigning roles to users. For example, a System Administrator might create a Human Resources group or a Network group. Rather than adding a role individually to each user, System Administrators assign roles to groups.
Person - Group - Roles
Example:
In the event a new role (e.g. review_leave_requests) is created, it can be added to all those groups that require this role. In a system that has only roles, adding the role to every person who requires it may be a laborious task.
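The Person -> Group -> Role -> Permission chain described in the answers above, as an added example that is not part of the original thread. It is a self-contained toy model: the `Directory` class, the `hr` and `network` groups, the users and the role and permission names (including `review_leave_requests`) are all constructed for illustration. It shows the scenario from the last answer both ways: adding the new role to a group once, versus assigning it to each person in a roles-only system, and what happens to a member who joins the group afterwards. The optional `active_roles` argument models the point in the first answer that a user only gets a role's permissions when acting under that role; that activation step is an assumption of this example, not something the thread specifies.

```python
"""Toy model of Person -> Group -> Role -> Permission.

Added example, not from the original thread. Directory, the groups, users,
roles and permission strings below are constructed for illustration only.
"""
from collections import defaultdict


class Directory:
    """Holds users, groups, roles and the edges between them."""

    def __init__(self):
        self.role_perms = defaultdict(set)   # role  -> permissions
        self.group_roles = defaultdict(set)  # group -> roles
        self.user_groups = defaultdict(set)  # user  -> groups
        self.user_roles = defaultdict(set)   # user  -> roles assigned directly

    # --- administration -------------------------------------------------
    def define_role(self, role, perms):
        self.role_perms[role] |= set(perms)

    def add_user_to_group(self, user, group):
        self.user_groups[user].add(group)

    def add_role_to_group(self, group, role):
        # One operation; every current and future member inherits the role.
        self.group_roles[group].add(role)

    def assign_role_to_user(self, user, role):
        # The "roles only" path: one operation per user.
        self.user_roles[user].add(role)

    def members_of(self, group):
        return {u for u, gs in self.user_groups.items() if group in gs}

    # --- resolution -----------------------------------------------------
    def roles_of(self, user):
        """Roles held directly plus roles reached through group membership."""
        via_groups = set()
        for g in self.user_groups[user]:
            via_groups |= self.group_roles[g]
        return set(self.user_roles[user]) | via_groups

    def permissions_of(self, user, active_roles=None):
        """Permissions of the user.

        If active_roles is given, only roles the user both holds and has
        activated contribute (assumption of this example: holding a role is
        not the same as acting under it, which keeps sessions least-privilege).
        """
        held = self.roles_of(user)
        if active_roles is not None:
            held &= set(active_roles)
        perms = set()
        for r in held:
            perms |= self.role_perms[r]
        return perms

    def can(self, user, perm, active_roles=None):
        return perm in self.permissions_of(user, active_roles)


def build_demo():
    """Constructed sample directory: an HR group and a Network group."""
    d = Directory()
    d.define_role("view_employee_records", {"employee:read"})
    d.define_role("edit_payroll", {"payroll:read", "payroll:write"})
    d.define_role("review_leave_requests", {"leave:read", "leave:approve"})

    for u in ("alice", "bob", "carol"):
        d.add_user_to_group(u, "hr")
    d.add_user_to_group("dave", "network")
    d.add_role_to_group("hr", "view_employee_records")
    d.add_role_to_group("hr", "edit_payroll")
    return d


def grant_new_role_via_group(d):
    """The scenario in the answer: the new role is added to the HR group once."""
    d.add_role_to_group("hr", "review_leave_requests")
    return sorted(u for u in d.members_of("hr") if d.can(u, "leave:approve"))


def grant_new_role_per_user(d):
    """Same outcome in a roles-only system: one assignment per person."""
    for u in d.members_of("hr"):
        d.assign_role_to_user(u, "review_leave_requests")
    return sorted(u for u in d.members_of("hr") if d.can(u, "leave:approve"))


if __name__ == "__main__":
    d = build_demo()
    print(grant_new_role_via_group(d))      # ['alice', 'bob', 'carol']
    print(d.can("dave", "leave:approve"))   # False
    # alice holds edit_payroll but has only activated the review role
    print(d.can("alice", "payroll:write",
                active_roles={"review_leave_requests"}))  # False
```

The difference the last answer is pointing at shows up when a new person joins HR after the role was created: with the group path they pick up `review_leave_requests` on joining, with the per-user path they do not, and someone has to remember to assign it.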