Often, two Roles are similar, and perhaps related. This happens, for example, when one Role contains every Privilege that appears in another, plus at least one Privilege that the other Role does not include.

Rather than defining the two Roles independently, it is more natural to define one Role as a combination of the other Role plus new Privileges.

Nested Roles serve this function. They can also be used to implement Business Roles vs. Infrastructure Roles -- by having Business Roles include Infrastructure Roles.
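The sketch below is an added example, not part of the original page: it resolves the effective Privileges of a nested Role and lists which Roles inherit a change to a given Role, which is the review question nesting raises. The role names, privilege names and the `ROLES` layout are all constructed for illustration.

```python
# Constructed role catalogue; every role and privilege name is illustrative.
ROLES = {
    # Infrastructure Roles: privileges on one system each
    "dir-user":       {"privileges": {"dir:login", "mail:mailbox"}, "includes": []},
    "helpdesk-agent": {"privileges": {"ticket:view", "ticket:update"}, "includes": []},
    # Nested Role: everything in helpdesk-agent plus one new Privilege
    "helpdesk-lead":  {"privileges": {"ticket:reassign"}, "includes": ["helpdesk-agent"]},
    # Business Roles: no direct privileges, only Infrastructure Roles
    "support-analyst": {"privileges": set(), "includes": ["dir-user", "helpdesk-agent"]},
    "support-manager": {"privileges": set(), "includes": ["dir-user", "helpdesk-lead"]},
}


class RoleDefinitionError(Exception):
    """Raised for an unknown role or a role that (transitively) includes itself."""


def effective_privileges(role, roles=ROLES, _path=()):
    """Return a role's own privileges plus those of every role nested inside it."""
    if role in _path:
        raise RoleDefinitionError("cycle: " + " -> ".join(_path + (role,)))
    if role not in roles:
        raise RoleDefinitionError(f"unknown role: {role}")
    privileges = set(roles[role]["privileges"])
    for nested in roles[role]["includes"]:
        privileges |= effective_privileges(nested, roles, _path + (role,))
    return privileges


def roles_including(target, roles=ROLES):
    """Return every role that includes `target` directly or through nesting."""
    def reaches(role, seen):
        if role in seen:  # already visited on this walk; stops on cycles
            return False
        nested = roles.get(role, {}).get("includes", [])
        return any(n == target or reaches(n, seen | {role}) for n in nested)
    return {r for r in roles if r != target and reaches(r, frozenset())}


if __name__ == "__main__":
    for name in ROLES:
        print(name, sorted(effective_privileges(name)))
    print("a change to helpdesk-agent reaches:", sorted(roles_including("helpdesk-agent")))
```

Adding a Privilege to `helpdesk-agent` silently grants it to all three Roles returned by `roles_including`, so a change review should cover that whole set rather than the edited Role alone.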
