Difference between ACL and RBAC components?


Hello all,

I am wondering about the difference between ACL and RBAC ? I’ve read this : “RBAC differs from access control lists (ACL) by putting the emphasis on roles and their permissions rather than objects (resources).”

But both have Roles and seems to do the same not exactly the same way but very similar.



Compare the underlying systems, not the components:

On these pages you will also find “Comparing with ACL” and “Comparing with RBAC”.


OK. If I understood correctly, the difference is the “philosophy” and the way it’s done. But in the case of a web site or application, both could achieve the same result.