Using an authorization service offers greater control than using a role service, but the API is more complicated than the role service API.
The role service acts server-wide, and evaluates user membership in declared EAServer roles associated with a resource (package, component, method, or Web resource collection).
An authorization service can control access to all resources on a server, or only those in a particular application, Web application, or package. With the authorization service, you can allow or deny access to resources with no dependencies on roles configured in EAServer.
You can use both a role service and an authorization service. For example, you could use a role service to configure role-based resource permissions in the Web Management Console, but use an authentication service to create audit logs to track user access to resources.
