role 

A definition for one user role. Each role element contains a name for the user role, a list of security permissions, and, optionally, a user role from which permissions are inherited along with any exceptions to the inheritance. 

role-name 

The name of the user role, such as Administrator. 

inheritance 

A definition of how permissions are inherited from another user role. The definition includes the parent user role and any permissions that should not be inherited. This group of elements is optional, and a role can inherit from multiple user roles. 

The role from which permissions are inherited must be defined earlier in the XML file than the role that inherits the permissions.

inherits-from 

The name of the user role from which the current role inherits permissions. If permissions are added to this user role at any time, the new permissions are also inherited by the current role. 

excluded-operations 

A list of permissions assigned to the parent role that the current role should not have access to. Any permissions assigned to the parent role that are not listed here are assigned to the current role. 

If a role inherits from multiple parent roles and each parent is assigned an excluded permission, you need to specify that the permission be excluded for each parent role.

excluded-operations/name 

The name of a security permission that is not inherited from the parent user role. Security permissions are listed under Master Index Data Manager User Permissions.

operation 

A list of security permissions to assign to the user role. If the role inherits permissions from another role, the permissions listed here are in addition to the inherited permissions. 

operation/name 

The name of a security permission to add to the current user role. Security permissions are listed under Master Index Data Manager User Permissions.