Application roles provide a way to group permissions by function and assign them to users.
Application roles are collections of application permissions. When you assign a user to a role, you grant the user all of the permissions for that role.
PingOne admin roles are collections of permissions for managing access to resources in the PingOne admin console, such as organizations, environments, and identities. Application roles help you manage access to the application resources developed by your organization’s engineering teams.
You can assign the same permission to multiple roles. For example, at a bank, both an account administrator and loan officer could have permission to view accounts.
You can also assign multiple roles to the same user. For example, at a small regional bank, Jim might be both an account administrator and a loan officer.
Roles and permissions are currently scoped to an environment in PingOne.