Each Role Based Access Control (RBAC) resource may have an associated Resource Owner. The owner might be asked to periodically review users who have been attached to the Resource. The Resource Owner might also be asked to authorize changes that impact the Resource, such as it being added to or removed from a role or a user.

Return to IT Security Concepts