RBAC gives more control over actions an account can perform

If you are granted some action by a role but you have denied that permission, the action can not be done.

Permissions can have linked permissions (thus creating a role).
An account can be assigned granted and denied roles. Permissions inherited from roles are granted if roles is granted and denied if roles is denied.
An account can be assigned granted and denied permissions.
An account can have multiple roles and permissions.
An account can not have same permission or role granted and denied at same time.
Id 0 can not be used to define a permission.

See rbac_permissions table for complete listing of available permissions and associated id. This table is self-explanatory.

Name	Syntax	Description
.rbac account	Syntax: .rbac account [$account]	View permissions of selected player or given account Note: Only those that affect current realm Note: Shows real permissions after checking group and roles
.rbac account permission	Syntax: .rbac account list [$account]	View permissions of selected player or given account Note: Only those that affect current realm Note: Only those directly granted or denied, does not include inherited permissions from roles
.rbac account grant	Syntax: .rbac account grant [$account] #id [#realmId]	Grant a permission to selected player or given account. #reamID may be -1 for all realms.
.rbac account deny	Syntax: .rbac account deny [$account] #id [#realmId]	Deny a permission to selected player or given account. #reamID may be -1 for all realms.
.rbac account revoke	Syntax: .rbac account revoke [$account] #id	Remove a permission from an account Note: Removes the permission from granted or denied permissions
.rbac list	Syntax: .rbac list	View list of all permissions. If $id is given will show only info for that permission.

Related tables (`auth` database)

Table Name	Table Description	Field Name	Field Type	Field Description
rbac_account_permissions	Account-Permission relation	accountId	int	Account id
		permissionId	int	Permission id
		granted	int	Granted = 1, Denied = 0
		realmId	int	Realm Id, -1 means all
rbac_permissions	Permission List	id	int	Permission id
rbac_permissions	Permission List	name	text	Permission name
rbac_default_permissions	Default permissions to assign to a specific security level (account_access)	secId	int	Security Level id
rbac_default_permissions		permissionId	int	Permission id
rbac_linked_permissions	Assigns permissions to roles (see rbac_permissions for permissions with name "role") Can also be used to link permissions to permissions (creating new roles)	id	int	Security Level id
rbac_linked_permissions		linkedId	int	Permission id

Suggestion

Create a web interface (in PHP or other accessible web technology) to ease the management of the RBAC system.

If simple and good enough, it could possibly be added to TrinityCore repository (/contrib/ directory)!

Navegador incompatible