[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: Groups vs. Roles
for my own edification, i would like to take a shot at this in lay terms... first, i believe that the discussion arose in response to a statement/question regarding groups being the same thing as roles. i see the fundamental difference as this: groups identify who you ARE, roles describe what you [can] DO. therefore, a group is an attribute of a 'user' (or group), while a role is a collection of policies that are applied to a user. policies are not assigned directly to a user; by 'assigning' a policy to a user, you are in actuality assigning a policy to the role that is applied the user, either explicitly (via a discretely defined role assigned to a user) or implicitly (via the unique, unstated role assigned to a user for such reference). does this make sense? b
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC