A role is a logical subset of activities that describes a user’s business function or set of responsibilities within a business enterprise. You can define as many roles as required in the system in order to model your business processes. Roles are created by using Role Create (36.3.6.1).

Typically, a user in the system has at least one role—and possibly several roles. In addition, the same role can be associated with several users. Before users can log in to the system, they must be associated with at least one role.

A role, when associated with a set of application resources, defines the tasks or activities a user can perform when using the system. The process of associating application resources to a role defines role permissions. For details see Role Permissions.

Roles operate within the context of the domains and entities to which the user has been granted access. This concept is known as role membership. For details see Role Membership. A user with multiple roles has access to the sum of the resources assigned to each.