Role-Based Security

Role-based security, also called role-based access control (RBAC), allows the breakdown of privileged operations into fine-grained sets that can be individually granted to users. 

It provides granular access control in a flexible, easy-to-use manner and enforces the separation of duties principle by making it possible to assign disjoint sets of privileged tasks to separate autonomous entities. Finally, it allows full control over which system privileges and roles can be granted to other entities.

Role-based security is based on the concepts of system and object-level privileges and roles.  A privilege controls the ability to perform a specific task and can be granted directly to a user.  A role is an entity to which system privileges and object-level privileges can be associated.  Granting system and object-level privileges to a role and then granting the role to users allows users to inherit the privileges of the role. You can also grant roles to other roles to create a hierarchical security structure.

Each system privilege or role has designated administrators, who are responsible for controlling which users are granted the system privilege or role, which users can themselves act as administrators of it, or which users can do both.
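The inheritance and administration rules described above can be modelled in a few lines. The following is an added example, not code from any database product: the `Rbac` class, its method names, and all role, user and privilege names are constructed for illustration, and it models role grants only. It resolves the privileges a user inherits through a role hierarchy, enforces that only a designated administrator can grant a role (as membership, as administration rights, or both), and flags users whose effective privileges break a separation-of-duties rule.

```python
# Added illustration: an in-memory model, not any database product's API.
# All role, user and privilege names are constructed.
class Rbac:
    def __init__(self):
        self.role_privs = {}  # role -> privileges granted to the role
        self.granted = {}     # grantee (user or role) -> roles granted to it
        self.admins = {}      # role -> its designated administrators

    def create_role(self, role, privs, admins):
        self.role_privs[role] = set(privs)
        self.admins[role] = set(admins)

    def grant_role(self, grantor, role, grantee, member=True, admin=False):
        # Only a designated administrator of the role may grant it.
        if grantor not in self.admins.get(role, set()):
            raise PermissionError(f"{grantor} does not administer {role}")
        if member:   # grantee inherits the role's privileges
            self.granted.setdefault(grantee, set()).add(role)
        if admin:    # grantee may grant the role to others
            self.admins[role].add(grantee)

    def effective_privileges(self, grantee):
        # Walk the role graph; 'seen' guards against cycles and diamonds.
        privs, seen = set(), set()
        stack = list(self.granted.get(grantee, ()))
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                privs |= self.role_privs[role]
                stack.extend(self.granted.get(role, ()))
        return privs

    def sod_violations(self, conflicts):
        # Users (grantees that are not roles) holding both halves of a conflicting pair.
        users = sorted(g for g in self.granted if g not in self.role_privs)
        return [(u, a, b) for u in users for a, b in conflicts
                if {a, b} <= self.effective_privileges(u)]

def demo():
    r = Rbac()
    r.create_role("backup_ops", {"backup_db"}, admins={"dba"})
    r.create_role("user_admin", {"manage_users"}, admins={"dba"})
    r.create_role("ops_lead", set(), admins={"dba"})
    r.grant_role("dba", "backup_ops", "ops_lead")   # role granted to a role
    r.grant_role("dba", "ops_lead", "alice")        # alice inherits backup_db
    r.grant_role("dba", "user_admin", "bob", member=False, admin=True)  # admin only
    r.grant_role("bob", "user_admin", "alice")      # bob may grant but holds nothing
    return r
```

Running `sod_violations` after every grant is a cheap audit: a user can end up holding a conflicting pair through two unrelated hierarchies, which is hard to spot by reading individual grants.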
