Nesting a role
You can add a Privileged Access Service role to a role. This is referred to as “nesting a role.” When you add a role to a role, the nested role members get all of the applications and rights assigned in the parent role. However, the applications and rights inherited from the parent are not displayed when you select the nested role. Only the nested role members have use of the rights and applications assigned to the nested role—the parent role members do not.
Additionally, if you are also using Active Directory/LDAP as an ID repository, a role can contain Active Directory/LDAP user accounts and groups.