A Role is a way to group GAM Permissions in a GAM Application. They are organized in hierarchies of Roles (hierarchies can be defined using the GAM API).
From the Roles section of the GAM Web Backoffice you can create new roles, edit existing roles, and add permissions to a role that has already been defined in an application.
You can also associate a Role with a User (this can also be done through the GAM API).
If a role is associated with a user, the user inherits the permissions assigned to that role. This means that when the user permissions are checked at execution time, the permissions associated with the user through the roles are taken into consideration. However, the permissions directly associated with the user have precedence.
As previously explained, if a role is associated with a user, the role permissions are indirectly associated with that user. This means that when the user permissions are checked at execution time, the permissions associated with the user through the roles are taken into consideration.
In addition, if a role has child roles, their permissions are also inherited by the user. This allows defining general roles that include others with more specific permissions.
See GAM - Main Role of a user.
The Default Role of the GAM repository is by default the Unknown Role, but it can be changed by the administrator as shown in the figure below:
The repository Default Role is assigned automatically when a user logs in without any associated roles. Its purpose is to assign a role to the users who haven't got any at the time of login.
This association is not physical, meaning that the role does not appear in the user’s list of assigned roles.
Update GAM Role Permissions
GAM Web Backoffice - Roles section