A typical example of good RC usage is a virtual Webserver system with an arbitrary number of customers, who want to use their own CGI scripts with private data.
We use a forced role Webserver, which gets assigned to the Webserver binary. This role may not access any of the base protection types except the mapping of libraries. The general Webserver logging type Webserver Log can be accessed to create and append to log files.
Each customer C gets a separate directory tree, three RC types, called Web-Data-C, CGI-Program-C and Private-Data-C, and three roles, called Webserver-C, Upload-C and CGI-C.
The general Webserver role may not access any customer data. Instead, a serving process changes to the compatible role Webserver-C when serving content for customer C. The role handling can e.g. be implemented in a simple Apache module.
Role Webserver-C may read Web-Data-C and execute CGI-Program-C. The CGI folder for customer C has a forced role setting of CGI-C, which gets inherited to all programs in it. Thus, when one of C's CGI programs is run, it uses role CGI-C and gets limited access to all of C's data, specially Private-Data-C.
Finally, the upload account for customer C gets the default role Upload-C, which has read and write, but no execute access to all three types. Access to any other type is denied.