The terms Privileges and Resources are often used when discussing Role Based Access Control (RBAC).

A resource may be defined as any of the following:

  • A target system.
  • A security group on a target system.
  • A user attribute on a target system.
  • A user profile attribute in the user provisioning system (may not be mapped to a target system, or may be mapped to several).
  • A type of physical object (example: badge, token).
  • A role.

Return to IT Security Concepts