A user is assigned roles by being put into a group. However, the group membership only applies within some context, so any roles for that user only apply within that context as well. For example, Sally is in the Sales Rep group for the Southern Region. That group gives Sally the right to edit user accounts within the Southern Region, but it does not give her any rights in the Northern Region.

When Sally accesses a resource, we look through her groups to find roles. For each role, we check whether it applies to the type of resource being accessed and, if so, whether that resource is within the context of the group membership. If both hold, the privileges the role conveys are returned and used to determine whether to allow the request.

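The check described above, sketched as an added example (not this project's own code). The `resource_type` and `privileges` fields, the `Membership` and `Resource` types, and the representation of a context as a tuple of path segments are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    name: str                 # persisted, so it should never change
    description: str
    resource_type: str        # assumed field: resource type the role governs
    privileges: frozenset     # assumed field: e.g. frozenset({"edit"})

@dataclass(frozen=True)
class Membership:
    group: str
    roles: tuple              # roles conveyed by the group
    context: tuple            # assumed shape: ("Southern Region",)

@dataclass(frozen=True)
class Resource:
    resource_type: str
    context: tuple            # assumed shape: ("Southern Region", "Atlanta")

def within(resource_ctx, member_ctx):
    # Compare whole path segments, never raw string prefixes, so a
    # membership scoped to "South" cannot match "Southern Region".
    # Note: an empty member_ctx matches every resource (a global grant).
    return resource_ctx[:len(member_ctx)] == member_ctx

def privileges_for(memberships, resource):
    """Union of privileges from roles that match type and context."""
    granted = set()           # deny by default: nothing matched, nothing granted
    for m in memberships:
        if not within(resource.context, m.context):
            continue          # membership does not cover this resource
        for role in m.roles:
            if role.resource_type == resource.resource_type:
                granted |= role.privileges
    return granted

def is_allowed(memberships, resource, action):
    return action in privileges_for(memberships, resource)

# Constructed sample data mirroring the Sally example.
EDIT_USERS = Role("user-editor", "Edit user accounts",
                  "user_account", frozenset({"edit"}))
SALLY = [Membership("Sales Rep", (EDIT_USERS,), ("Southern Region",))]
SOUTH_ACCOUNT = Resource("user_account", ("Southern Region", "Atlanta"))
NORTH_ACCOUNT = Resource("user_account", ("Northern Region", "Boston"))
SOUTH_INVOICE = Resource("invoice", ("Southern Region", "Atlanta"))
```
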
Name | Returns | Notes | Example |
---|---|---|---|
name | String | The name of this role. This will be persisted so should never change | |
description | String | Get description | |