Open Web Application Security Project: "Access Control and Authorization"
Read this chapter about discretionary access control (DAC) and role-based access control (RBAC), which are technical means for controlling access to computer resources.
Click the http://web.archive.org/web/20160429011917/http://www.cgisecurity.com/owasp/html/ch08.html link to open the resource.