The ClearPath MCP environment supports role-based access control for applications using permissions, roles, and realms.

A permission defines a capability specific to the application subsystem. A role defines a collection of permissions. A permission may be assigned to more than one role. A role is populated with users. If a user has been added to a role, a user or process running under a usercode can be assigned to the role. An application can inquire whether a process has a specific permission. Realms, roles, and permissions are application-defined identifiers.

An application subsystem can control user capabilities by roles defined using role-based access control. An application subsystem (or REALM) is defined through the Security Center MCP User Account Management module and the Application Roles Management node, and is populated with application-specific roles and permissions.

For more information about role-based access control, refer to the Security Software Developers Kit (SDK), which contains sample programs, and the Security Center Help, which describes the Security Center administration interface.