App Roles are assigned to app users to allow them to interact with an application. When multiple app roles are defined, one must be selected as the default role. The default role will be automatically assigned to a user when that user is first subscribed to the app. When creating new roles it is sometimes easier to copy an existing role and modify it, especially for applications with many data models. Role names must be unique within an application, and can only contain alphanumeric characters (no symbols or spaces).
For example, in a video sharing app, all users should be able to upload videos, but only specific users (the moderators) would be able to delete videos. This step allows you to define multiple roles and declare what each role is allowed to do with each model.
Roles are created by selecting allowed operations for each data model in an application. The operations are Create, Read, Update, and Delete (known as CRUD operations). Each role is a collection of access control levels (ACLs). These types of Roles include ACLs that are blanket privileges,i.e. they apply to ALL records of a model.
The “AccessControl” privilege is a special privilege that controls whether a user can create ACLs for someone else. While the blanket ACLs only manage entire models, AccessControl ACLs can control access on specific records.
From the My Apps page, go to the left menu, Logic > Role. A new page opens, where the developer can set role specific permissions on each data model, and control access of your users.
Click > +New Role All the models created will be listed, to assign new roles.