Why i need this?
Within your role definition, you can restrict the assignment of roles to other users.
You need these for e.g.
- Define local administrator accounts, that can only assign role for certain applications
- Secure self-registration services – in this case the anonym application role has the right to assign only a specific role to a new created user account.