Roles are a great way of organizing user permissions. Roles can be seen as usergroups each with it's own permissions. When there are roles added to Webigniter, users can be assigned to a group, which will immediately cause this user to inherit the permissions set in this group.
When a role is added, you can specify many different types of permissions.
Most segments are divided into multiple subtypes of permissions. For example the
Media segment has 4 subtypes,
delete. Meaning that you can grant or revoke certain actions on Media containers. So if you want your development team to be able to add images to the media gallery, you switch on
add under the Media segment. But you may want tot disable it for other roles.
Each category (and subcategory) has it's own segment within the roles overview. This means that you can allow or restrict access to specific categories to specific roles
This can be usefull if you have editors who should only be able to edit or add pages to specific categories.
If a user creates a new category, the role of this user automatically has full access to this new category.