A role defines a set of permissions related to one or more target systems or applications. The Identity Manager roles system includes several different built-in roles that provide different levels of access rights to the role-based provisioning system. For example, someone assigned to administer the Roles Module has unlimited scope within the Roles system, but someone assigned to just manage roles is limited to specifically designated users, groups, and roles.