组和角色之间有什么区别? [英] What's the difference between groups and roles?

问题描述

除了组之外，许多身份管理实现还使用角色.它们有何不同?到目前为止，我还没有找到一个令人信服的用例来将两者分开.我读过的所有解释都是含糊不清的.

A lot of identity management implementations use roles in addition to groups. How are they different? So far I haven't found a compelling use case for separating the two. All the explanations I've read are vague and hand-wavey.

你能举一个很好的例子，说明角色和是必要的吗?

Can you give a good example where having roles and groups are necessary?

推荐答案

Person - Group - Roles

Person - Group - Roles

• 一个人是一个或多个组的成员.
• 一个群组被分配了多个角色.

示例:

• 系统中存在两个角色stock_purchaser，timecard_supervisor.
• 系统中存在两个组shift_supervisor，regional_manager.
• regional_manager 具有 stock_purchaser 和 timecard_supervisor 角色.
• shift_supervisor 具有 timecard_supervisor 角色.

• Two roles exist in a system stock_purchaser, timecard_supervisor.
• Two groups exist in a system shift_supervisor, regional_manager.
• regional_manager has the stock_purchaser and timecard_supervisor role.
• shift_supervisor has the timecard_supervisor role.

如果创建了新角色(例如 review_leave_requests) - 可以将其添加到需要此角色的所有组中.在只有角色的系统中，将角色添加到所有需要它的人可能是一项艰巨的任务.

In the event a new role (e.g. review_leave_requests) is created - this can be added to all those groups who require this role. In a system only having roles it may be a laborious task adding the role to all people that require it.

这篇关于组和角色之间有什么区别?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！