11.3. Adding support to roles using the Roles API

In real-world applications, it’s often useful—and necessary—to divide users into groups. By using groups, you specify a common set of rules to all users in the group and assign the group to roles. In this way, you can assign an entire group of users who perform similar actions to a particular role.

Using groups of users lets you easily define your security policy. You can specify, for example, that the Editor group is the one in which the users with editing permissions on your application will reside. You can protect your resources using a specific role. When someone needs to be added to this role, you don’t need to specifically map this new user to the set of pages that implements this feature; instead, you simply add that user to the corresponding role. This process can greatly simplify your work, especially in large applications where it’s difficult (if not impossible) to work with explicit permissions on individual users, but it’s more pragmatic to work using groups.