An RPC, or remote procedure call, is a core server API call. From a right management point of view, it is the smallest permission item that can be granted to a user.

RPCs are provided by Handlers and we will refer to them with a name like /user/delete (The delete RPC provided by the user handler).

For simplicity, we will group a bunch of RPCs into roles. For exemple a user_crud role will group:

Profiles are then defined as a bunch of roles.

The user session holds the list of RPCs a user can call. This list will be used in our softwares to enable or disable parts of the user interfaces.

admin0@global.virt is not tied to the RBAC model and can call every RPC.