"Association of policy with a given role. For example, a user might be designated as a ""local user"" and a function such as data transfers might be configured to only be available to the ""local user"" role and not be available to a user with a role of ""mobile user""."