Open Web Application Security Project: "Access Control and Authorization"

Read this chapter about discretionary access control (DAC) and role-based access control (RBAC), a technical means for controlling access to computer resources.