Why i need this?

Within your role definition, you can restrict the assignment of roles to other users.

You need these for e.g.

• Define local administrator accounts, that can only assign role for certain applications
• Secure self-registration services – in this case the anonym application role has the right to assign only a specific role to a new created user account.

Building roles with Assignment Restrictions

You have to assign the Roles Permission Objects and Choose the Add Permission Button to (multi-) select one or more roles that are allowed to assign to other users.