From MgmtWiki

Full Title or Meme

A set of duties and permissions that one person (or group of people) can inhabit as a result of who they are or what credentials they have presented.


In Identity Management, a Subject will Authenticate to a system, be assigned a Principal Identifier, and then present some credentials at or after Authentication that grant the permissions associated with a Role. Those permissions Authorize the user's processes, which carry the Principal Identifier and Role, to access resources on the computer that controls access to them.


Computer administrators had trouble assigning permissions to each user that required them.


  1. Assign permissions to roles.
  2. Assign roles to resources. Often one resource will have multiple roles, for example: Create, Read, Update, Delete (aka CRUD).
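The two steps above as a small deny-by-default authorization check, added here as an illustration and not taken from MgmtWiki. The class names, role names and sample principals are hypothetical, and the permission vocabulary is assumed to be the CRUD set.

```python
from dataclasses import dataclass, field

CRUD = frozenset({"create", "read", "update", "delete"})

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset  # step 1: permissions are assigned to the role

@dataclass
class Resource:
    name: str
    roles: dict = field(default_factory=dict)  # step 2: roles assigned to the resource

    def assign(self, role: Role) -> None:
        unknown = role.permissions - CRUD
        if unknown:
            raise ValueError(f"unknown permissions: {sorted(unknown)}")
        self.roles[role.name] = role

@dataclass
class Session:
    principal_id: str                        # set at Authentication
    roles: set = field(default_factory=set)  # role names granted by presented credentials

def authorize(session: Session, resource: Resource, action: str) -> bool:
    """Deny by default; allow only via a role both held and assigned to the resource."""
    for name in session.roles:
        role = resource.roles.get(name)
        if role is not None and action in role.permissions:
            return True
    return False

def demo() -> dict:
    # Constructed sample data (hypothetical names).
    payroll = Resource("payroll")
    payroll.assign(Role("payroll-reader", frozenset({"read"})))
    payroll.assign(Role("payroll-editor", frozenset({"read", "update"})))
    alice = Session("alice", {"payroll-reader"})
    bob = Session("bob", {"payroll-editor", "hr-editor"})  # hr-editor is not a payroll role
    carol = Session("carol")  # authenticated, but presented no role credentials
    return {
        "alice_read": authorize(alice, payroll, "read"),
        "alice_update": authorize(alice, payroll, "update"),
        "bob_update": authorize(bob, payroll, "update"),
        "bob_delete": authorize(bob, payroll, "delete"),
        "carol_read": authorize(carol, payroll, "read"),
    }

if __name__ == "__main__":
    print(demo())
```

Authentication alone grants nothing here: a session with no roles, or with a role that is not assigned to the resource, is refused.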