A role is a construct (similar to an access control list) that defines the access permissions granted to users and groups to perform functions on EPM System resources. It is a combination of resource or resource types (what users can access, for example, a report) and actions that users can perform on the resource (for example, view and edit).
Access to EPM System application resources is restricted. Users can access them only after a role that provides access is assigned to the user or to the group to which the user belongs. Access restrictions based on roles enable administrators to control and manage application access.