[security-dev] Permission and Role

Rahul Mahindrakar rahul.mahindrakar at gmail.com
Wed Jun 4 19:40:45 EDT 2014

Is it possible to aggregate permissions under roles?

This makes it easier to grant roles to a user and thereby a large set of permissions.

-----Original Message-----
From: "Shane Bryzak" <sbryzak at redhat.com>
Sent: 2014-06-05 01:29
To: "security-dev at lists.jboss.org" <security-dev at lists.jboss.org>
Subject: Re: [security-dev] Permission and Role

Hi Rahul,

They are fundamentally two very different things.  A role is typically used to define a set of users for which specific privileges are to be assigned, while a permission is used to control access to application resources or services.  A permission check can actually use the user's roles to determine whether the user has the necessary privilege to perform an action.  Here's a couple of pseudo-code examples to make this a little clearer:

1. Restricting access to a method based on the user's role:

public void doProtectedOperation() {

2. Restricting access to a method to users with permission to cancel a specific "order":

public void cancelOrder(@HasPermission("cancel") Order order) {

Hope that helps!


On 06/05/2014 09:13 AM, Rahul Mahindrakar wrote:


I have not been able to have a grasp of the difference between the usage of Role and permissions.

Can someone guide me in this direction?
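
The distinction discussed in this thread, as an added Java example that is not code from the thread or from the project's API: a role check looks only at group membership, a permission check decides about one specific Order, and roles can aggregate permissions. The names `AccessDemo`, `Role`, `User`, `Order`, the permission strings and the owner-may-cancel policy are all assumptions made for illustration.

```java
import java.util.Set;

// Added illustration; every type and permission string here is hypothetical.
public class AccessDemo {
    // A role aggregates permissions of the form "resourceType:action".
    enum Role {
        CUSTOMER(Set.of("order:create")),
        SUPPORT(Set.of("order:create", "order:cancel"));
        final Set<String> permissions;
        Role(Set<String> permissions) { this.permissions = permissions; }
    }

    record User(String name, Set<Role> roles) {}
    record Order(long id, String owner) {}

    // Example 1 in the thread: the decision depends only on role membership.
    static boolean hasRole(User u, Role r) { return u.roles().contains(r); }

    // Role-aggregated permission: true if any of the user's roles carries it.
    static boolean grantedByRole(User u, String permission) {
        return u.roles().stream().anyMatch(r -> r.permissions.contains(permission));
    }

    // Example 2 in the thread: the decision is about one specific Order.
    // Assumed policy: the owner may cancel their own order; otherwise one of
    // the user's roles must carry "order:cancel". Everything else is denied.
    static boolean canCancel(User u, Order o) {
        if (u == null || o == null) return false; // deny by default
        return o.owner().equals(u.name()) || grantedByRole(u, "order:cancel");
    }

    static void cancelOrder(User u, Order o) {
        if (!canCancel(u, o)) throw new SecurityException("cancel denied");
        System.out.println(u.name() + " cancelled order " + o.id());
    }

    public static void main(String[] args) {
        User alice = new User("alice", Set.of(Role.CUSTOMER)); // constructed sample data
        User bob = new User("bob", Set.of(Role.CUSTOMER));
        User carol = new User("carol", Set.of(Role.SUPPORT));
        Order order = new Order(42, "alice");

        cancelOrder(alice, order); // allowed: owner of this particular order
        cancelOrder(carol, order); // allowed: SUPPORT aggregates order:cancel
        System.out.println(hasRole(bob, Role.SUPPORT)); // false
        try { cancelOrder(bob, order); } // same role as alice, but not the owner
        catch (SecurityException e) { System.out.println("bob: " + e.getMessage()); }
    }
}
```

Alice and Bob hold the same role yet get different answers for the same order, which is the case a role check alone cannot express.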


