Access control in computer networks generally involves a group of devices on an outside network (outsider devices), a group of devices on an inside network (insider devices), and an access control gateway that sits between the outside network and the inside network and determines which outsider devices can access which insider devices, and vice versa. Access control is role-based if the access control decision is based on the user identity rather than the identity of the device itself, where the user identity can represent the user itself, a membership or group the user belongs to, or other postures that characterize the user using the device.
For remote access, role-based access also involves a group of users who can remotely control the insider device from the outsider device via the access control gateway, as if they were controlling the insider device directly from the inside network. Typical examples of the remote access scenarios above include, but are not limited to, virtual network computing and virtual desktop infrastructure, which have become increasingly popular in data center deployments.
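
The role-based decision described above can be sketched as a default-deny gateway check keyed on the user, group membership and posture rather than on the source device. This is an added example, not taken from the original text; the rule format, the device names (`vdi-01`, `vnc-lab`, `laptop-7`), the users and the `mfa` posture are all constructed for illustration.

```python
# Added illustration: role-based decision at an access control gateway.
# Every name, group, posture and device label below is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset = frozenset()
    postures: frozenset = frozenset()   # attributes characterizing the user

@dataclass(frozen=True)
class Rule:
    direction: str                      # "outside->inside" or "inside->outside"
    target: str                         # device on the destination side
    users: frozenset = frozenset()      # individual users named by the rule
    groups: frozenset = frozenset()     # memberships named by the rule
    required_postures: frozenset = frozenset()

    def matches(self, user, direction, target):
        if (direction, target) != (self.direction, self.target):
            return False
        # Identity may be the user itself or any group the user belongs to.
        identity_ok = user.name in self.users or bool(user.groups & self.groups)
        # Every posture the rule requires must be present on the user.
        return identity_ok and self.required_postures <= user.postures

def decide(rules, user, source_device, direction, target):
    """Permit only if some rule matches; otherwise deny (default deny).

    source_device is accepted (e.g. for audit logging) but deliberately not
    consulted: the decision depends on who the user is, not on the device.
    """
    return any(rule.matches(user, direction, target) for rule in rules)

RULES = [
    # Remote desktop reached from outside: engineering members with MFA.
    Rule("outside->inside", "vdi-01", groups=frozenset({"engineering"}),
         required_postures=frozenset({"mfa"})),
    # A lab VNC host granted to one named user.
    Rule("outside->inside", "vnc-lab", users=frozenset({"alice"})),
    # The reverse direction ("and vice versa"): helpdesk reaching a laptop.
    Rule("inside->outside", "laptop-7", groups=frozenset({"helpdesk"})),
]

ALICE = User("alice", frozenset({"engineering"}), frozenset({"mfa"}))
BOB = User("bob", frozenset({"engineering"}))          # no MFA posture
CAROL = User("carol", frozenset({"helpdesk"}))
```

Two users on the same outsider device get different answers, and the same user gets the same answer from any device, which is the property that separates a role-based decision from a device-based one.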