The default roles include each other as well. The Editor can see and do everything a Viewer can, and some more. The Manager can see and do everything the Editor can, and some more. System admins can change the permissions of these roles, so that certain plugins and functionality can be turned on or off across the system for all groups. Some examples: 1. As the admin, you don't want any user to use the Search All plugin. You achieve this by removing the Search All plugin permission from the
VIEWER role. 2. As the admin, you only want Managers and Editors to use the Navigator. You achieve this by removing the Navigator plugin permission from the
VIEWER role, and giving the
VIEW permission to the Navigator plugin.