Role-based access overview
In deployable applications, access permissions are based on roles. Like groups, roles have permissions to access forms, fields, active links, and so on. Unlike groups, however, roles are defined for an application and are then associated with groups on the server where the application is deployed.
Roles make deployable applications easy to install on a variety of servers. You assign users to groups and then associate the groups with roles. This enables you to install an application on servers that have different groups without redefining the application's object permissions for each server.
For simplification, user access is usually described in terms of group permissions. In deployable applications, which use role permissions, user access is ultimately determined by which groups are mapped to which roles.
For more information, see Creating and mapping roles.