Under role based security systems, different roles are defined for various functions within an organization. The permissions to perform given operations are assigned to specific roles, as opposed to individual users. Users are assigned particular roles, and through those role assignments acquire the permissions to perform particular system functions. Since users are not assigned permissions directly, but only through their role(s), managing user rights becomes a matter of assigning the appropriate roles to the user, which simplifies common operations such as adding a user, or changing a user's department. Role based authentication system with access controlled file-systems exist today, such as Microsoft Windows® security in combination with NTFS, and UNIX® security in combination with UNIX® file-system.
Role based security infrastructure enables multiple users with the same role to access encrypted data on shared storage in enterprise and distributed environments. The traditional implementation approach for this scenario is to employ a dedicated key management system. However, key management systems are difficult to protect and maintain. It would be desirable to enable role based encryption without the overhead of a key management system.