Roles are user assignments in the system. Each user/account needs a role, such as Admin, Editor, Reader, or a custom role.
The Logic of Roles
Roles, in conjunction with group permissions, define the authorization logic in our systems. While group assignments manage connections to specific organizational groups, roles define what individual users are allowed to do within the system.
A typical example is simple read permissions. These users (readers) can view the system but cannot edit fields or download data.
A next level could be the "External" role. This would define, for example, that the user is not allowed to make any changes, but can download data and use the shopping cart.
An enhanced role would now be the editor, who is additionally allowed to set data for fields for which they have been authorized.
The admin, as the next higher level, may administer the system but does not have access to fundamental functions such as locking the entire system, etc.
In this form, roles can be created and used. Generally, typical roles are already predefined, as they usually always require the same functionalities.