Role-Based Access Control (RBAC)

6. Domains

With domains you can combine users that don't share a common group ID as well as groups so that they share a single policy. Domains work just like roles, with the only exception being that the line starting with "role" is replaced with one of the following:

domain somedomainname u user1 user2 user3 user4... usern
domain somedomainname g group1 group2 group3 group4... groupn

Example:

domain somedomain u daemon bin www-data
subject /
    /    h

As it is with user and group roles, all domain members must exist, and if they're not, an error is raised.