So you decided that you were going to set up a Chef server and configure your infrastructure in a smart way. Good for you! However, once you've moved past this stage, the next stage that will come and haunt most organizations is: How do we ensure that everyone is able to contribute towards using Chef, while ensuring that no big mess up happens when everyone is busy modifying the Chef code? Above all, how to ensure that anybody who is not supposed to access resources on the Chef server is denied access?

Chef provides a very fine-grained, role-based access to resources through Enterprise Chef.

Any system that has to provide for such a mechanism has to have two components included in it: