Is one role limited to aggregate permissions within an application? What about - roles that aggregate roles (hierarchical roles) - roles that aggregate roles and permissions of different applications or systems (enterprise roles)
> Applications and Roles > --------------------------------- > > Application designers devise security permissions and roles specific to > applications. These > roles represent a set of rights authorizing principals to perform > operations or access resources > that must be allowed to fulfill a specific coherent function within > applications. These rights to > access resources are the permissions. The set of these permissions, > needed for a logical > function to be conducted in the application, is a role. > > To be concise we extract the following glossary definitions: > > Permission: > A right required by a system or application to authorize principals > to perform a > specific operation or access a resource in some manner. > > Role: > A set of permissions required by a principal to be authorized to > fulfill a logical function > within a system or application. > > Thanks, > Alex
