In SSP7 roles are used to grant users access rights to the portal. Administrators use Roles to configure which categories, forms, shops and workflow actions are available. That way, users will only see what is relevant to them and what is allowed. Through integrations with LDAP, users may get certain roles assigned automatically, based on information from LDAP. In that way, the maintenance on which users receives which role, is taken away from SSP and put within LDAP, where is belongs.