12.2.1.1. Role-based access control example

Consider the following example:

[Figure: Role-based access policy example]

The users (User1 ... User4) access three different applications with different access rights.

  • Applications:
    • Public Portal: A public web application accessible by anyone without prior authentication.
    • Customer Portal: A web application only accessible by known customers and selected administrators.
    • Admin Portal: A web application only accessible by selected administrators.
  • Users with allowed access (access policy):
    Username   Public portal   Customer portal   Admin portal
    User1      allowed         denied            denied
    User2      allowed         allowed           allowed
    User3      allowed         allowed           denied
    User4      allowed         denied            allowed
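
The access policy above can be expressed with two roles instead of per-user entries. The following is an added example, not part of the original page or of any product configuration: the role names "customer" and "admin", the application keys and the function names are assumptions chosen for illustration. It denies by default and checks that the role model reproduces the table exactly.

```python
from typing import List, Optional, Tuple

# Roles required per application (hypothetical role names).
# An empty set means the application needs no prior authentication.
APP_REQUIRED_ROLES = {
    "public": frozenset(),
    "customer": frozenset({"customer"}),
    "admin": frozenset({"admin"}),
}

# Role assignments derived from the table: User2 is an administrator who is
# also granted the customer role; User4 is an administrator without it.
USER_ROLES = {
    "User1": frozenset(),
    "User2": frozenset({"customer", "admin"}),
    "User3": frozenset({"customer"}),
    "User4": frozenset({"admin"}),
}


def is_allowed(user: Optional[str], app: str) -> bool:
    """Return True only if the policy explicitly permits the access."""
    required = APP_REQUIRED_ROLES.get(app)
    if required is None:
        return False  # unknown application: default deny
    if not required:
        return True  # public application, also for unauthenticated callers
    roles = USER_ROLES.get(user, frozenset())  # unknown or anonymous user: no roles
    return bool(required & roles)


# The access policy table from this page, used as the expected result.
EXPECTED = {
    "User1": {"public": True, "customer": False, "admin": False},
    "User2": {"public": True, "customer": True, "admin": True},
    "User3": {"public": True, "customer": True, "admin": False},
    "User4": {"public": True, "customer": False, "admin": True},
}


def policy_mismatches() -> List[Tuple[str, str]]:
    """List every (user, application) pair where the role model disagrees with the table."""
    return [
        (user, app)
        for user, row in EXPECTED.items()
        for app, want in row.items()
        if is_allowed(user, app) != want
    ]
```

An empty result from policy_mismatches() confirms that the two roles are sufficient to express the whole table; rerunning it after a role change shows which table cells the change affects.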