This graphic shows how permissions are assigned to a role, and users are granted their permissions by being made members of that role. In it, the users Frank, Bob, and Mary are granted the HR role.

Multiple roles can be granted to a user. A role can also be granted to another role, thus forming a role hierarchy that provides administrators with a tool to model enterprise security policies.