Fork me on GitHub

Hi Shiro community,

The following article helps explain the differences in role-based vs resource-based access control and why Shiro's permission construct (which is based on resources) can be much better for an application:

The New RBAC: Resource-Based Access Control