Authorization

https://softwareengineering.stackexchange.com/questions/299729/role-vs-permission-based-access-control