keycloak-scim/server_admin/topics/groups/groups-vs-roles.adoc
2017-08-28 20:10:09 +02:00

13 lines
742 B
Text

=== Groups vs. Roles
In the IT world the concepts of Group and Role are often blurred and interchangeable.
In {project_name}, Groups are just a collection of users that you can apply roles and attributes to in one place.
Roles define a type of user and applications assign permission and access control to roles
Aren't <<_composite-roles,Composite Roles>> also similar to Groups?
Logically they provide the same exact functionality, but the difference is conceptual.
Composite roles should be used to apply the permission model to your set of services and applications.
Groups should focus on collections of users and their roles in your organization.
Use groups to manage users. Use composite roles to manage applications and services.