How Can We Help?
A model for controlling access to resources where permitted actions on resources are identified with roles rather than with individual subject identities.
SOURCE: SP 800-95
Access control based on user roles (i.e., a collection of access authorizations a user receives based on an explicit or implicit assumption of a given role). Role permissions may be inherited through a role hierarchy and typically reflect the permissions needed to perform defined functions within an organization. A given role may apply to a single individual or to several individuals.
SOURCE: SP 800-53; CNSSI-4009