What are application roles
Application Roles work in conjunction with User Roles. Application Roles are groups of permissions that can be assigned to a User Role.
Each app has a set of functions. For example, the blog app has these functions:
Manage own blogs
Edit other users' blogs
Delete other users' blogs
Add posts to all blogs
Edit other users' posts
Delete other users' posts
Add comments to all posts
Edit other users' comments
Delete other users' comments
Application Roles are a way of grouping functions together. This group can then be given to a particular User Role. When someone is assigned to a User Role they get the group of permissions defined in the Application Role, and can only use the functions of that app.
For example, a student should only have basic functionality in the blog app. You don’t want students to be able to delete other users’ posts, or add posts to all blogs.
Therefore the user Application Role, which can be assigned to students, only allows Login, Manage own blogs and Add comments to all posts. If you want to change what users can to, simple tick or untick the relevant boxes.