An RPC, or remote procedure call, is a core server API call. From a rights management point of view, it is the smallest permission item that can be granted to a user.
RPCs are provided by Handlers, and we will refer to them with a name like /user/delete (the delete RPC provided by the user handler).
For simplicity, we will group a bunch of RPCs into roles. For example, a user_crud role will group:
Profiles are then defined as a bunch of roles.
The user session holds the list of RPCs a user can call. This list will be used in our software to enable or disable parts of the user interfaces.
firstname.lastname@example.org is not tied to the RBAC model and can call every RPC.
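
The model described above (RPCs grouped into roles, roles grouped into profiles, the resolved RPC list held in the session) can be sketched as follows. This is an added example, not the project's own code: apart from /user/delete and user_crud, every role, profile and RPC name is constructed for illustration, and it assumes the same session list is also checked before an RPC is dispatched, not only used to drive the interface.

```python
# Constructed sample data: only /user/delete and user_crud appear on the page.
ROLES = {
    "user_crud": {"/user/create", "/user/read", "/user/update", "/user/delete"},
    "user_readonly": {"/user/read"},
    "report_view": {"/report/list", "/report/read"},
}
PROFILES = {
    "administrator": ["user_crud", "report_view"],
    "auditor": ["user_readonly", "report_view"],
}
# The account the page describes as not tied to the RBAC model.
UNRESTRICTED_LOGIN = "firstname.lastname@example.org"


class UnknownRole(Exception):
    """Raised when a profile references a role that is not defined."""


def resolve_profile(profile):
    """Flatten a profile (a list of roles) into the set of RPCs it grants."""
    rpcs = set()
    for role in PROFILES[profile]:
        if role not in ROLES:
            raise UnknownRole(role)  # fail closed on a dangling role name
        rpcs |= ROLES[role]
    return frozenset(rpcs)


def open_session(login, profile):
    """Build the session; the RPC list is computed once, at login."""
    return {"login": login, "rpcs": resolve_profile(profile)}


def can_call(session, rpc):
    """Exact-match check, so /user/delete never implies /user/delete_all."""
    if session["login"] == UNRESTRICTED_LOGIN:
        return True  # bypasses RBAC entirely, as the page states
    return rpc in session["rpcs"]


def ui_state(session, elements):
    """Map each UI element to enabled/disabled from the RPC it needs."""
    return {name: can_call(session, rpc) for name, rpc in elements.items()}
```

Because the unrestricted account skips the role lookup altogether, calls made under it are the ones worth logging and reviewing separately.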