    This was a good summary of RBAC.

    For an excellent critique of the foundational problems with ACLs (which apply to RBAC as well) – and a great introduction to capabilities, which solves those problems – see Chip Morningstar’s “What are capabilities?”.

      I tail on this to add : The moment you get to write your next app, consider using a library like https://casbin.org/ or https://github.com/ory/ladon instead of reinventing the wheel all over again. I wish I had knew about those few years back.