Roles give the administrator complete flexibility for delegating control and limiting risk. For example, the administrator can define a role that lets you do specific administrative functions on your local or a remote computer without giving you the administrator’s password. By eliminating the use of a shared password for the administrator’s account, you can prevent an audit finding that could be costly for your organization. Using a role also limits your authority on the computer, ensuring appropriate accountability, and limits the potential damage a compromised password might cause.
In addition, roles enable targeted auditing of user activity, so that only the actions when you have elevated privileges or access certain computers are recorded. In many cases, these activities must be recorded for regulatory or industry compliance. With roles, you can go about your normal activity, such as reading and responding to email, without auditing, then capture detailed information about the use of SQL Server Management Studio or the Exchange Management Console.