When building a web application with authenticated users, it is important to define which users can perform which actions. Each role grants a set of capabilities, and a user can perform only the actions granted by their role. Roles and capabilities should be designed so that users with similar permissions share the same capabilities, while still supporting clearly differentiated levels of access between users.

Let’s imagine we’re designing an application that allows users to vote (yes or no) on different workplace issues.

Admin roles can perform higher-level actions related to data across the application, as well as actions around user management and global settings.
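One way to express this model in code, as an added example that is not part of the original article: capabilities are an explicit list of actions, each role is a set of capabilities, and the larger roles are built from the smaller ones so that overlap is deliberate rather than duplicated. The role names (`voter`, `moderator`, `admin`) and the capability names are assumptions made for illustration; the intermediate moderator role is not mentioned on the page. Anything not explicitly granted is denied.

```python
"""Role/capability model for the workplace-voting example (constructed
for illustration; not the original article's code).

Roles map to capability sets; a user holds one or more roles and may
perform an action only if some role they hold grants that capability.
Everything not explicitly granted is denied.
"""
from dataclasses import dataclass, field
from enum import Enum, auto


class Capability(Enum):
    """Actions the application exposes (assumed names)."""
    VIEW_ISSUES = auto()
    CAST_VOTE = auto()
    CREATE_ISSUE = auto()
    CLOSE_ISSUE = auto()
    EXPORT_RESULTS = auto()          # data across the whole application
    MANAGE_USERS = auto()            # user management
    CHANGE_GLOBAL_SETTINGS = auto()  # global settings


# Role -> capabilities. Overlap is expressed by building each larger set
# from the smaller one, so shared permissions are defined exactly once.
VOTER = frozenset({Capability.VIEW_ISSUES, Capability.CAST_VOTE})
MODERATOR = VOTER | {Capability.CREATE_ISSUE, Capability.CLOSE_ISSUE}
ADMIN = MODERATOR | {
    Capability.EXPORT_RESULTS,
    Capability.MANAGE_USERS,
    Capability.CHANGE_GLOBAL_SETTINGS,
}

ROLES = {"voter": VOTER, "moderator": MODERATOR, "admin": ADMIN}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset = field(default_factory=frozenset)


class PermissionDenied(Exception):
    """Raised when a user attempts an action their roles do not grant."""


def capabilities_of(user: User) -> frozenset:
    """Union of the capabilities granted by every role the user holds.

    An unknown role name grants nothing instead of raising, so a typo in
    a role assignment fails closed rather than open.
    """
    granted = frozenset()
    for role in user.roles:
        granted |= ROLES.get(role, frozenset())
    return granted


def can(user: User, capability: Capability) -> bool:
    """Deny-by-default check: True only if some held role grants it."""
    return capability in capabilities_of(user)


def require(user: User, capability: Capability) -> None:
    """Guard placed at the top of every privileged action."""
    if not can(user, capability):
        raise PermissionDenied(f"{user.name} lacks {capability.name}")


# --- application actions guarded by the checks above --------------------

def cast_vote(user: User, issue_id: int, choice: str, tally: dict) -> dict:
    """Record a yes/no vote; returns the running tally for the issue."""
    require(user, Capability.CAST_VOTE)
    if choice not in ("yes", "no"):
        raise ValueError("vote must be 'yes' or 'no'")
    tally.setdefault(issue_id, {"yes": 0, "no": 0})[choice] += 1
    return tally[issue_id]


def change_setting(user: User, settings: dict, key: str, value) -> dict:
    """Admin-only: update a global setting and return the settings."""
    require(user, Capability.CHANGE_GLOBAL_SETTINGS)
    settings[key] = value
    return settings


if __name__ == "__main__":
    alice = User("alice", frozenset({"voter"}))
    bob = User("bob", frozenset({"admin"}))
    print("alice can vote:", can(alice, Capability.CAST_VOTE))
    print("alice can manage users:", can(alice, Capability.MANAGE_USERS))
    print("bob can vote (overlap):", can(bob, Capability.CAST_VOTE))
```

The point of `require()` sitting inside each action, rather than only in a route handler, is that the authorization decision travels with the operation: any new code path that reaches `change_setting` is checked the same way.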
