Security Access Controls - 401-advanced-javascript-jv/seattle-javascript-401d30 GitHub Wiki

A key point of keeping a system secure is to restrict access to various resources and functions based on who is accessing or doing something.

There are multiple types of access control. There are access control lists (ACLs), which are sets of permissions that get applied to specific resources--file permissions are usually set this way, for instance.

Role-based Access Control (RBAC) is an access control method where you have a list of permissions that you assign to a name. You then assign the named role to a user, which gives that user the permissions they're supposed to have. It reduces confusion because it allows more descriptive permission sets, thereby reducing confusion and reducing the chance that security will be improperly applied.