Role-based user administration is a way of reducing
the complexity and cost of user management. Rather than managing
the access rights of each user, the administrator can define the
access rights for "roles" and assign individual users
to one or more roles.
The WSA's model of user management allows administrators
to use role-based authentication when appropriate. To do so the
administrator creates a role (e.g. employee, customer, or executive)
and assigns resources to the role. A single certificate enrollment
to the role provides the user with access to all of the resources
associated with the role.
A web resource can be associated with multiple roles.
Similarly a user can enroll into multiple roles, thereby gaining
access to all of the resources allowed by the roles. In other words,
the WSA allows you to manage users as required by your business.
Role-based user management can greatly simplify
Role-based user management enhances security by
reducing the possibility of a security configuration error:
allowing a user access to the wrong resource
Role-based user management is more convenient for
users who require access to diverse resources. One enrollment
can provide access to all of his resources