Initially, you must be in the root role to assign rights.
If the root role has distributed administrative tasks to you as a trusted user or by assigning a role to you, the following rights profiles assignments enable you to create users and roles or assign rights to them:
To create a user or role, you must become an administrator who is assigned the User Management rights profile.
To assign most rights to a user or role, you must become an administrator who is assigned the User Security rights profile.
You cannot assign audit flags. Only the root role can assign audit flags to a user or role.
You cannot change the password of a role. Only the root role can change a role's password.
If you are assigned administrative rights, review Using Your Assigned Administrative Rights before you try to run administrative commands.