A given person or principal need not always have the same set of privileges. Rather than continually change them across different contexts, it is convenient to introduce the notion of a role, a set of actions and responsibilities associated with a particular activity [11] that might be adopted by any principal. A role is normally represented as a set of privilege attributes that a principal or set of principals can exercise within a context of an organization. The notion of a role does not add any power to a security framework, but instead improves manageability by adding an optional level of indirection. Role-based access control provides a higher level of granularity than approaches limited only to individuals. Because roles make transient privilege assignment much easier to administer, they have been widely adopted in security frameworks.