Security roles simplify privilege assignment and maintenance. A single security role can specify privileges for accessing many items. The administrator creates a security role to configure a set of privileges common to a group of users, then assigns the users to the role.

In Figure 3‑1, the Sales Managers role has visible and execute privileges on the Sales Invoice design. Marketing and Finance cannot run the design. Marketing and Finance both can read the document that the Sales Invoice design creates.