Sometimes I get confused by terminology. And many of the marketing pages that reply to such queries don’t really help. So here is my simple breakdown of these terms in relation to each other.
Entitlements are granular permissions. They represent specific rights or privileges, are the building blocks of roles, and can be assigned individually or as part of a role.
Example: An entitlement might be “Access to Premium Reports”. This entitlement can be part of multiple roles, such as “Admin” or “Premium User”.
Note that entitlements are not always explicitly exposed; often roles are used in downstream applications to determine the exact entitlements associated with a role. Enterprise applications do attempt to separate these, but there is a lot of additional administration associated with this, especially when applications are extended rapidly.
A role can be considered a collection of entitlements, a higher-level abstraction that groups multiple entitlements together. When a role is assigned to a user, the user “inherits” all the entitlements associated with that role.
Roles therefore simplify management. Instead of assigning multiple entitlements individually to each user, you can assign a role that encapsulates those entitlements.
Example: An “Admin” role might include entitlements such as “Create User”, “Delete User”, “Access Reports”.
Some systems allow grouping users. This helps with logical separation and with applying roles and/or entitlements easily to a larger number of people: assign roles to a group and all members of the group inherit those roles and entitlements.
Example: A “Marketing Team” group might have the “Marketing Tools Access” role assigned to it. All users in the “Marketing Team” group will inherit the entitlements associated with the “Marketing Tools Access” role.
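The inheritance chain described above (user to group to role to entitlement), as an added Python example that is not from the original article: it resolves each user's effective entitlements and records every path that grants them, which is the view an access review needs. All data is constructed; the user names and the "Use Campaign Planner" entitlement are hypothetical, since the article does not list what "Marketing Tools Access" contains.

```python
# Constructed sample data; role and group names follow the article's examples.
ROLES = {
    "Admin": {"Create User", "Delete User", "Access Reports", "Access to Premium Reports"},
    "Premium User": {"Access to Premium Reports"},
    "Marketing Tools Access": {"Use Campaign Planner"},  # hypothetical entitlement
}
GROUPS = {
    "Marketing Team": {"members": {"alice", "bob"}, "roles": {"Marketing Tools Access"}},
}
USERS = {
    "alice": {"roles": {"Premium User"}, "entitlements": set()},
    "bob": {"roles": set(), "entitlements": {"Access Reports"}},
    "carol": {"roles": {"Admin", "Premium User"}, "entitlements": set()},
}


def effective_entitlements(user):
    """Map each entitlement the user holds to every path that grants it."""
    grants = {}

    def add(entitlement, path):
        grants.setdefault(entitlement, []).append(path)

    def expand(role, via):
        # A role that is assigned but never defined is a data error, not "no access".
        if role not in ROLES:
            raise KeyError(f"role {role!r} assigned via {via} is not defined")
        for entitlement in ROLES[role]:
            add(entitlement, f"{via} -> role:{role}")

    record = USERS[user]
    for entitlement in record["entitlements"]:
        add(entitlement, "direct")
    for role in record["roles"]:
        expand(role, "direct")
    for name, group in GROUPS.items():
        if user in group["members"]:
            for role in group["roles"]:
                expand(role, f"group:{name}")
    return {e: sorted(paths) for e, paths in sorted(grants.items())}


def holders(entitlement):
    """Access-review view: users holding an entitlement, by any path."""
    return sorted(u for u in USERS if entitlement in effective_entitlements(u))


if __name__ == "__main__":
    for user in USERS:
        print(user, effective_entitlements(user))
```

For carol, "Access to Premium Reports" shows two grant paths, so removing one of her roles alone does not revoke it.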
This article from murblog by Maarten Brouwers (murb) is licensed under a Creative Commons Attribution 3.0 Netherlands license.