Role-Based Authorization in the Real World

Role-based authorization is a great method for programmatically controlling what actions a user is permitted to perform. You’ll encounter certain complexities beyond what is demonstrated in this chapter as you apply role-based authorization to your real-world scenarios. The most common issues you’ll deal with are how to best associate users with roles—either directly or by using groups—and what security approach to use for decentralized systems.

The examples presented in this chapter demonstrated a simple system in which roles are assigned directly to users. In larger real-world systems, you would probably bunch several users who share a common role together into a group. Figure 2-3 shows how this might ...
