In many practical situations there may arise a need to distinguish among users of a system or designate specific user populations which are to be treated collectively in a certain manner. For example, access control systems may be required to grant or deny access based on different access permissions associated with different types of users. Similarly, subscription management systems may distribute content selectively according to different classes of subscribers or client bases.
One approach for making such distinctions and determinations derived therefrom uses the concept of roles. Each user is assigned with one of a predefined set of role types, whereby allowing a user or an administrator to configure rules and operations with respect to the assigned roles, such as, for example, which type of users can gain access, which type of users should receive notification on a certain event, or the like.
One type of roles typically used in such contexts is based on a functional or organizational role definition, such as, for example, a manager, an employee, or the like. Another type of roles used is artifact related, such as, for example, a document owner, a person designated in a certain field within a document, or the like. Yet another type of roles used is operational or platform related, such as, for example, a model of the user's device or equipment, an operating system version, an operating system security group, or the like. The roles of these sorts are statically defined and need to be determined explicitly and in advance by an administrator of the system prior to any user engagement therewith.