Roles are created with reference to Application, and it may not be matching with the user group. of course, roles can be created to model user group, and in each screen, we can assign the role(user_group) which is quite tedious job.
Application A1 to A9 and Application B1 to B9, user group IT and user group Finance
1. create role as role_IT, role_Finance.
2. assign A1 to A9 with role_IT, a lot of ticking is required
3. assign B1 to B9 to role_IT, role_Finance. a lot more ticking is required.
imaging what has to be done if we need to create new user groups and re-group the screen access.
instead of doing above, if we can create role group to model application group.
each application/screen can have a individual role, the roles can be grouped to reflect application group.
Role_Group_IT_Applications ( include A1 to A9)
Role_Group_Finance_Applications ( include B1 to B9)
User Gourp IT can be mapped with Role_Group_IT_Applications or together with Role_Group_Finance_Applications
User Gourp Finance can be mapped with Role_Group_Finance_Applications
if new Finance application is created, i just have to include the new application role under Role_Group_Finance_Applications and no other change is required.
if a new user group is created, i just have to map the application role group. no ticking is required.
if every screen is created with default roles, even better, no more ticking and only mapping.