Role Based Access Control

Each role has a list of domains that may exist in it.
At login time the session is changed; the newrole program may also be used to change roles (comparable to an su operation).
A role doesn't often change (unlike the domain, which regularly changes automatically without the user noticing).
The role determines which domains are valid.
A user can only change roles by re-authenticating with newrole or run_init in the current utility programs (this can be changed).
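The checks described above, modelled as an added example (not code from the original slides or from SELinux itself): it parses `role ... types ...;` and role `allow` statements and decides whether a role/domain pair is valid and whether a role change is permitted. The sample policy, role and domain names, and function names are constructed for illustration, and type-enforcement rules, which a real system also requires, are not modelled.

```python
import re

# Constructed sample policy (an assumption, not from the slides), written with
# the SELinux policy-language "role ... types ...;" and role "allow" statements.
SAMPLE_POLICY = """
role user_r types { user_t user_ssh_t };
role sysadm_r types { sysadm_t user_ssh_t };
role system_r types { sshd_t initrc_t };
allow user_r sysadm_r;
allow sysadm_r system_r;
"""

def _names(text):
    """Split 'a' or '{ a b }' into a set of identifiers."""
    return set(text.strip("{} \t").split())

def parse_policy(source):
    """Return (role -> domains permitted in it, set of permitted (old, new) role changes)."""
    role_types, role_allow = {}, set()
    for stmt in source.split(";"):
        stmt = " ".join(stmt.split())  # normalise whitespace
        m = re.fullmatch(r"role (\w+) types (.+)", stmt)
        if m:
            role_types.setdefault(m.group(1), set()).update(_names(m.group(2)))
            continue
        m = re.fullmatch(r"allow (\w+) (\w+)", stmt)  # role allow, not a TE rule
        if m:
            role_allow.add((m.group(1), m.group(2)))
    return role_types, role_allow

def context_valid(role_types, role, domain):
    """The role determines which domains are valid."""
    return domain in role_types.get(role, set())

def transition_allowed(policy, old, new):
    """old and new are (role, domain) pairs.

    A domain change inside one role only needs the new domain to be listed for
    that role; a role change (newrole) additionally needs a role allow rule.
    """
    role_types, role_allow = policy
    (old_role, _), (new_role, new_domain) = old, new
    if not context_valid(role_types, new_role, new_domain):
        return False
    return old_role == new_role or (old_role, new_role) in role_allow
```
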