Users are assigned the rights to perform certain tasks. Without the correct rights, a user may be prevented from viewing information (e.g., party Social Security Numbers) or accessing or modifying certain areas of the system (e.g., a Financial tab on a case record). Rights are system-defined and cannot be created.

A role consists of a group of rights necessary to perform a certain job function. Users who perform the same tasks are typically assigned the same roles. For example, all the rights that should be assigned to a bookkeeper can be grouped to create a bookkeeper role. Instead of assigning each right to each bookkeeper, you can assign the bookkeeper role to each bookkeeper.