2.3 Role-Based Services

Role-Based Services (RBS) is a set of extensions to the eDirectory schema. RBS defines several object classes and attributes that let administrators grant a user access to management tasks based on the user's role in the organization. Users get access only to the tasks they need to perform, and RBS grants only the rights necessary to perform the assigned tasks.

Furthermore, users are associated with roles in a specified scope, which is a container in the tree in which the user has the requisite permissions to perform a task. A role requires this ternary association of role, members, and scope to be complete. The following figure illustrates the relationship of roles, members, and scopes.

Figure 2-3 The relationship of roles, members, and scope.

An RBS role object creates an association between users and tasks. An administrator grants a user access to a task by making the user a member of the role to which the task is assigned.

A user can be assigned to a role in the following ways:

A user can be associated with a role multiple times, each with a different scope.
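The role, member and scope association described above, modelled as an added example for access review (this is not code from the product or its documentation). The DNs, role names and task names are constructed, and the example assumes a scope covers the container and everything beneath it.

```python
from dataclasses import dataclass

def rdns(dn):
    """Split an LDAP-style DN into normalized RDNs (escaped commas not handled)."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def in_scope(target_dn, scope_dn):
    """True if the target is the scope container or lies beneath it (assumption).
    Whole RDNs are compared, so ou=presales is never treated as ou=sales."""
    t, s = rdns(target_dn), rdns(scope_dn)
    return bool(s) and len(t) >= len(s) and t[len(t) - len(s):] == s

@dataclass(frozen=True)
class Assignment:
    role: str    # role name
    member: str  # user DN
    scope: str   # container DN

# Constructed sample data (hypothetical roles, tasks and DNs).
ROLE_TASKS = {
    "Help Desk": {"Set Password", "Modify User"},
    "User Admin": {"Create User", "Delete User", "Modify User"},
}
ASSIGNMENTS = [
    Assignment("Help Desk", "cn=jsmith,ou=it,o=example", "ou=sales,o=example"),
    Assignment("Help Desk", "cn=jsmith,ou=it,o=example", "ou=hr,o=example"),
    Assignment("User Admin", "cn=akhan,ou=it,o=example", "ou=it,o=example"),
]

def may_perform(member, task, target_dn, assignments=ASSIGNMENTS, role_tasks=ROLE_TASKS):
    """Default deny: allow only when one assignment for this member carries
    the task and its scope contains the target object."""
    m = rdns(member)
    return any(
        rdns(a.member) == m
        and task in role_tasks.get(a.role, set())
        and in_scope(target_dn, a.scope)
        for a in assignments
    )

def scopes_by_role(member, assignments=ASSIGNMENTS):
    """Review helper: each role the member holds, with every scope it is held in."""
    out = {}
    for a in assignments:
        if rdns(a.member) == rdns(member):
            out.setdefault(a.role, []).append(a.scope)
    return {role: sorted(scopes) for role, scopes in out.items()}
```
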

For information about RBS directory objects, see Section 12.3, Role-Based Services Directory Objects.