A role is a collection of user permissions that are assigned to user accounts to grant access to functions within GAP. Two roles are available "out-of-the box" – administrator and user.
Users have limited access to functions within GAP and can only manage devices that are explicitly assigned to them. On the other hand, administrators have full access to all devices and functions within their tenant (and any sub-tenants).
If you need to set up more granular permissions for your users, you can create your own roles and assign them to your users.
Like other objects within GAP, roles are created within a tenant and are not available outside of that tenant.
Note: you cannot create roles within greater permissions than are assigned to your own role
Note: You must ensure that no users are assigned to the role before you can delete it