It is recommended to link access rights to roles and to avoid assigning rights to individual employees. A role-based authorization concept can be used to create different roles in the company and assign rights to them. This approach makes it easier to manage rights, for example, when an employee leaves the company, the rights do not have to be withdrawn from individual employees. Instead, the employee's role is simply revoked, which automatically revokes all associated rights.