
Why Implement Role-Based Security?

The main advantage of role-based security (RBS) lies in the maintenance of systems that employ it. The typical example is a system with thousands of different users, such as a human resources Web site on your corporate intranet. You want some users to be able to maintain their own information, while other users should not have permission to overwrite existing files (or data in a database), or to access those files or data at all. In addition, you want to grant still other users the ability to maintain information related to the corporate hierarchy, departments, organizational charts, and more.

So, in this example, several different types of users exist within the system. Each type of user needs a different set of permissions to do the job. A user higher up in the organization might be granted more permissions than someone at a lower level. For example, the "department-head" type of user might have 50 different permissions while a "team-lead" type of user might have only 20. If the system has 10,000 users, think about the amount of time required to maintain each set of permissions individually for each user.

A more maintainable solution is to first identify the various types of users in the system. Each "type" of user is a role. Then determine the permissions that belong to each role. Maintaining the system then becomes far easier, because all you have to do is map users to roles rather than painstakingly map individual permissions to each user.
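The role model described above, as an added Python example that is not from the original text. The role names "department-head" and "team-lead" and the counts of 50 and 20 permissions follow the passage; the "employee" role, the permission strings, the user population and all function names are constructed for illustration.

```python
"""Role-based permission model (constructed example; all names are hypothetical)."""

def default_roles():
    """Role -> permission set. The 50 and 20 counts mirror the passage."""
    return {
        "department-head": {f"perm:{i}" for i in range(50)},
        "team-lead": {f"perm:{i}" for i in range(20)},
        "employee": {"profile:read", "profile:write"},
    }

def build_users(total=10_000):
    """Constructed population: 1 in 100 is a department head, 1 in 10 a team lead."""
    users = {}
    for n in range(total):
        if n % 100 == 0:
            roles = {"employee", "department-head"}
        elif n % 10 == 0:
            roles = {"employee", "team-lead"}
        else:
            roles = {"employee"}
        users[f"user{n}"] = roles
    return users

def is_allowed(role_perms, users, user, permission):
    """Deny by default: unknown users and unknown roles grant nothing."""
    return any(permission in role_perms.get(role, set())
               for role in users.get(user, set()))

def per_user_entries(role_perms, users):
    """Grants to maintain if every permission were assigned to each user directly."""
    return sum(len(set().union(*(role_perms[r] for r in roles)))
               for roles in users.values())

def role_based_entries(role_perms, users):
    """Grants to maintain with roles: user->role links plus role->permission links."""
    return (sum(len(roles) for roles in users.values())
            + sum(len(perms) for perms in role_perms.values()))

if __name__ == "__main__":
    role_perms, users = default_roles(), build_users()
    print("per-user grants:  ", per_user_entries(role_perms, users))
    print("role-based grants:", role_based_entries(role_perms, users))
    # One edit to the role revokes the permission for every team lead at once.
    role_perms["team-lead"].discard("perm:19")
    print("user10 perm:19 ->", is_allowed(role_perms, users, "user10", "perm:19"))
```

Revoking a permission in the per-user model would mean touching every affected account, and any account that is missed keeps access it should no longer have; with roles it is a single change to the role definition.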

