Roles and permissions
A role is a named collection of permissions that are granted to a user either through an HCP user account or through one or more HCP group accounts. Each permission in a role lets the user perform some specific interaction or set of interactions with the HCP system. Roles generally correspond to job functions.
You can associate any number of roles with a user or group account. The account user then has all the permissions granted by each of those roles.
Before associating roles with a user or group account, make sure the permissions granted by those roles are consistent with the job functions of the user or group of users for whom you’re creating the account.
An AD user can be added to an AD group while that user is using the System Management Console. If the AD group corresponds to an existing HCP group account, the user may not automatically get the roles associated with that group account for up to eight hours. To get the roles immediately, the user needs to log out of the System Management Console and then log back in. If the user is also currently using the Tenant Management Console or Namespace Browser, logging out of either of those interfaces has the same effect.
Alternatively, you can force the roles to be recognized immediately by clearing the AD cache.