Chapter 38. What Is Role-Based Security?

Role-based security is a form of user-level security where a server focuses not on the individual user's identity but on a logical role she is in. This can be implemented in many ways. One way is simply to install some local groups on the server machine that represent roles. The server application can then look for these group SIDs (Item 20) and make security decisions based on the groups' presence or absence. For example, if special privileged access to the server is restricted to members of the Admins role, a local group called APP_NAME_Admins can be created to represent that role.
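The group-SID check described above, as an added example that is not code from the book: it resolves the local group to its SID and tests the caller's token for it, denying access if the group cannot be resolved. The `RoleCheck` class and `IsInLocalRole` helper are hypothetical names, and the current process identity stands in for the authenticated client a real server would check.

```csharp
using System;
using System.Security.Principal;

static class RoleCheck
{
    // Group name taken from the text's example; APP_NAME is the page's placeholder.
    const string AdminsGroup = "APP_NAME_Admins";

    // Hypothetical helper: true only when the caller's token carries the SID
    // of the named local group on this machine.
    public static bool IsInLocalRole(WindowsIdentity caller, string localGroup)
    {
        SecurityIdentifier groupSid;
        try
        {
            // Qualify with the machine name so a same-named domain group
            // can never satisfy the check.
            var account = new NTAccount(Environment.MachineName, localGroup);
            groupSid = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
        }
        catch (IdentityNotMappedException)
        {
            // Group missing or renamed: fail closed rather than grant access.
            return false;
        }

        // Compare by SID, not by name string.
        return new WindowsPrincipal(caller).IsInRole(groupSid);
    }

    static void Main()
    {
        // Assumption: the process identity stands in for the client identity.
        using (WindowsIdentity caller = WindowsIdentity.GetCurrent())
        {
            bool isAdmin = IsInLocalRole(caller, AdminsGroup);
            Console.WriteLine("{0} in role {1}: {2}", caller.Name, AdminsGroup, isAdmin);

            if (!isAdmin)
            {
                throw new UnauthorizedAccessException(
                    "Caller is not a member of " + AdminsGroup);
            }
            // Privileged operation would run here.
        }
    }
}
```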

What's nice about this simple role-based architecture is that it simplifies life for both the developer and the administrator ...
