Roles tend to follow reasonably consistent patterns across organisations, so in a multi-tenant environment for example, it is worth considering how roles can be defined so as to be reusable across each tenant’s environment. When roles are defined at a general level they can be reused in ACPs for defining specific privileges. Thus a role such as Backup Administrator could be reused by multiple ACPs such as Accounts Backup Admin, Legal Backup Admin and Production Backup Admin. What differs between these ACPs are the accessible resources, not the activities that will be performed on them.
Protector ships with a number of pre-defined roles that can be cloned and modified or used as-is.