No permission check. No auth server. Each role holds a piece of the reconstruction key. Toggle one absent and the transaction locks. There is no rule to bypass — a component is simply missing.
A protected transaction — ACME Corp → Goldman Partners, $4,250,000 — requires components from three roles to reconstruct. Each role holds a piece on their device. The server holds the encrypted fragment. No single party alone can read the plaintext.
The threshold defines how many role components are needed. Drop it from 3-of-3 to 2-of-3 and two roles alone unlock the transaction. Set it to 1-of-3 and one role controls everything. Change the threshold — no code, no permission, just math.
Toggle a role off. The transaction locks. Not because a server said no — because CT ⊗ CC ⊗ CR is now incomplete.
Traditional RBAC stores complete data and checks a permission list. Bypass the check and the data is exposed. There is a server to attack, a rule to exploit.
Component distribution removes the check entirely. Each role holds a piece of the reconstruction key. Toggle Risk absent above. The transaction locks. No server was asked. No rule was evaluated. CR was absent.
There is no permission check anywhere in the source of this page. The math is the access control.