Those users will often have many roles.
'''Audience prompt:''' What is a user role and why do we use them?'''
User Roles group like users together. So we can control what people can see and do in the system. This is often referred to as “Role Based Access” control or “RBAC”. Typical roles might be internal staff, applicant or reviewer.
'''Audience prompt:''' Why do we suggest roles should add permissions to users?'''
If roles are used to add permissions to a user, roles become additive in nature. The more roles a user has the more they can see and do within your SmartSimple system.
That's not to say you can’t apply a “deny” permission on a role. As there are legitimate use cases for that but typically we suggest adding permissions with roles when possible.
'''Audience prompt:''' Why should we be mindful of using the deny permissions on user roles.?'''
Be mindful of using deny permissions on user roles because SmartSimple Cloud takes a most restrictive approach to security and as such a single deny permission on one role will override all the allowed permissions on any other roles a user may have.