Determines a user's level of access to data and functionality in a specific plant/project configuration. Users can belong to more than one role per configuration. Roles are defined by system administrators and are based on related access groups, domains, and owning groups.