Role-based Access Control model
Associates permissions with roles, not directly with users
Each user (or subject) is associated with one or more roles
Each role is given the permissions that are needed for its correct operation
4 classes of RBAC models (core, hierarchical, constrained and unified)