Role-Based Access Control (RBAC)
6. Domains
With domains you can combine users that don't share a common group ID as well as groups so that they share a single policy. Domains work just like roles, with the only exception being that the line starting with "role" is replaced with one of the following:
domain somedomainname u user1 user2 user3 user4... usern domain somedomainname g group1 group2 group3 group4... groupn
Example:
domain somedomain u daemon bin www-data subject / / h
As it is with user and group roles, all domain members must exist, and if they're not, an error is raised.