Roles Are Theatrical Costumes
metaphor
Source: Performance → Access Control
Categories: security, software-engineering
Transfers
In role-based access control, a user does not become an administrator. They put on the administrator role, like an actor donning a costume for a scene. When the scene ends, the costume comes off and the person underneath is unchanged. This theatrical framing structures how practitioners think about identity, privilege, and the separability of who you are from what you can do.
Key structural parallels:
- Role as external garment — in theater, the costume is not the actor. It sits on top of the person, modifying their appearance and their range of plausible actions without altering their underlying identity. RBAC systems make exactly this structural distinction: the user object (identity) is separate from the role object (capability set). A user “assumes” a role the way an actor “assumes” a character. The verb choice is not coincidental.
- Costume changes as role transitions — actors change costumes between scenes. Users switch roles between tasks. An engineer who needs to deploy to production “puts on” the deployer role, performs the deployment, and “takes it off.” The temporal structure of theater — acts and scenes with costume changes — maps onto the principle of least privilege: wear only the costume you need for the current scene.
- The wardrobe as the role catalog — theaters maintain a wardrobe of costumes that any actor can wear. RBAC systems maintain a catalog of roles that any user can be assigned. The costume pre-exists the actor who wears it, just as the role pre-exists the user who assumes it. This makes roles feel like organizational infrastructure rather than personal attributes.
- Costume constrains action — a character in a doctor’s coat can plausibly perform surgery on stage; one in a clown suit cannot. The costume does not merely signal identity — it bounds the range of credible actions. Roles work identically: the admin role enables actions that the viewer role does not. The metaphor makes capability-bounding feel like a natural theatrical convention rather than a security mechanism.
Limits
- Costumes are visible; roles are not — in theater, the audience immediately sees what role someone is playing. In digital systems, a user’s active roles are invisible unless explicitly queried. This means the theatrical intuition that role-holders are recognizable at a glance does not transfer, creating a false sense of auditability.
- Taking off the costume does not undo the performance — when an actor removes a king’s robes, the audience’s memory of the king persists. When a user’s admin role is revoked, the database changes they made while wearing it are not rolled back. The metaphor suggests clean reversibility where none exists, which is exactly the gap that audit trails must fill.
- Actors play one role at a time; users often hold many — the theatrical convention of one character per actor per scene does not match reality. Users frequently hold multiple simultaneous roles, and the effective permission set is the union of all of them. The costume metaphor obscures this combinatorial explosion by suggesting a simpler one-at-a-time model.
- The metaphor hides role inheritance — in theater, there is no mechanism by which the king’s costume confers the general’s powers. In RBAC systems, role hierarchies mean that assuming a parent role implicitly grants all child-role capabilities. This structural feature has no theatrical equivalent, and the metaphor provides no intuition for reasoning about inherited permissions.
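The last three limits above, as an added example that is not part of the original entry: effective permissions are the union over every held role and every inherited child role, and the audit record outlives revocation. The auditor role, the permission strings, the catalog layout and all function and class names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed catalog: role -> (direct permissions, child roles it inherits)
ROLE_CATALOG = {
    "viewer":   ({"read"}, []),
    "deployer": ({"deploy"}, ["viewer"]),
    "admin":    ({"manage_users"}, ["deployer"]),
    "auditor":  ({"read_audit_log"}, []),
}

def role_permissions(role, catalog=ROLE_CATALOG, _seen=None):
    """Permissions of one role plus everything inherited from its child roles."""
    seen = _seen if _seen is not None else set()
    if role in seen:          # guard against cycles in a misconfigured hierarchy
        return set()
    seen.add(role)
    direct, children = catalog[role]
    perms = set(direct)
    for child in children:
        perms |= role_permissions(child, catalog, seen)
    return perms

def effective_permissions(roles, catalog=ROLE_CATALOG):
    """A user holding several roles gets the union, not one costume at a time."""
    perms = set()
    for role in roles:
        perms |= role_permissions(role, catalog)
    return perms

@dataclass
class Session:
    user: str
    roles: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def act(self, permission):
        """Check a permission and record the decision with the roles held then."""
        allowed = permission in effective_permissions(self.roles)
        self.audit.append((self.user, permission, sorted(self.roles), allowed))
        return allowed

if __name__ == "__main__":
    s = Session("alice", {"admin", "auditor"})
    print(sorted(effective_permissions(s.roles)))  # explicit query of active grants
    s.act("deploy")
    s.roles.discard("admin")                        # revocation: costume comes off
    s.act("deploy")
    for entry in s.audit:                           # the earlier action is still on record
        print(entry)
```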
Expressions
- “Assume a role” — the standard term, directly from theatrical vocabulary (“assume a character”)
- “Role assignment” — casting the user in a part
- “Principle of least privilege” — wear only the minimal costume for the current scene
- “Role switching” — changing costumes between tasks
- “Role-based access control” — organizing the entire permission system around the theatrical unit of the role rather than the individual actor
- “Elevated privileges” — a grander costume for a more powerful role
Related Entries
Structural Neighbors
Entries from different domains that share structural shape. Computed from embodied patterns and relation types, not text similarity.
- Platform (architecture-and-building/metaphor)
- The Decorator Pattern (architecture-and-building/archetype)
- Theories Are Covers for the Facts (covers/metaphor)
- AI Is an Iceberg (natural-phenomena/metaphor)
- Abilities Are Entities Inside A Person (containers/metaphor)
- System Administration Is Feudal Lordship (governance/metaphor)
- Mordor (mythology/metaphor)
- Framework (carpentry/metaphor)
Structural Tags
Patterns: container, superimposition, matching
Relations: enable, transform, contain
Structure: hierarchy Level: generic
Contributors: agent:metaphorex-miner