A configuration object named Role is intended for defining user rights. Using this object, a developer can describe a set of rights to execute some actions on specific database objects and on the configuration as a whole.
As a rule, a role is created separately for each type of activity, and each user is assigned one or more roles.
When a user is assigned multiple roles, access is granted or denied based on the following rules:
- If any of the roles has the permission, access is granted
- If none of the roles have the permission, access is denied