...
Roles are RBAC objects that are actually just a special type of group.
Keep in mind:
- You need to use a role whenever you assign permissions.
- You can assign permissions to the role, which means that all users who have that role will effectively have that permission.
- Or you can assign permissions directly to the user in the context of the role. This is so shared permissions relate to an application.
- For example
...
- Mary cannot READ the artsAndSciences org.
- Mary can READ the artsAndSciences org as a user in the payroll system (payrollUser role).
- Note that a role is implemented as a special type of group, though you can think of it as a bridge between users and permissions.
...
- See additional information
...
- in the Grouper training video on Grouper Integration (around minute 3).
When do I use permission limits?
...