What is the difference between a Permission Assignment and a Role?
The Role Based Access Control (RBAC) Reference Model defines permission as “an approval to perform an operation on one or more RBAC protected objects.” In the past, we have been referring to permission as a function, which are operations performed on objects. Examples are: Invoke Service Request Form, Update Order, Approve Expense Report, and Query Customers. We bundle permissions into Permission Sets, which are then granted to users or roles through Permission Assignments. Permission Assignments, therefore, reflect the access granted to users or roles. Permission assignments may be granted in one of two ways. Permission assignments can provide access to a limited set of data or they can provide access to some set of an application’s functionality.
The Role Based Access Control (RBAC) Reference Model defines permission as “an approval to perform an operation on one or more RBAC protected objects.” In the past, we have been referring to a permission as a function, which are operations performed on objects. Examples are: Invoke Service Request Form, Update Order, Approve Expense Report, Query Customers. We bundle permissions into Permission Sets, which are then granted to users or roles through Permission Assignments. Permission Assignments, therefore, reflect the access granted to users or roles. Permission assignments may be granted in one of two ways. Permission assignments can provide access to a limited set of data or they can provide access to some set of an application’s functionality.
