Control Center Roles
To use Control Center, you must first have an account in Account Manager, and this account must be assigned to the appropriate roles. Account Manager has two predefined roles that apply to Control Center: Control Center Administrator and Control Center User. Both roles are general roles covering broad capabilities.
The Control Center Administrator, gives the account full administrative control over your organization's instances in Control Center; this role also gives the account the ability to configure permissions for other users in Control Center.
The Control Center User, enables the account to perform any Control Center actions permitted by a Control Center administrator.
Within Control Center, administrators can define fine-grained roles ― specific roles that apply to a subset of Control Center users. These roles are designed to make configuration easier. A fine-grained role binds one or more users to a set of instance-level permissions. For example, suppose an administrator wants to give 10 users permissions to three sandboxes. One approach is to repeat the instance-level permissions for each user; this requires the administrator to specify instance-level permissions 30 times. Another approach is to define a role, which requires the administrator to specify instance-level permissions just three times, once per instance. The administrator can then assign all 10 users to that single role.
The administrator can also combine both configuration techniques (instance-level permissions and roles).
If your organization has a large number of users, roles can save you time; if your organization has a small number of users, you might find it easier to configure instance-level permissions separately for each user. Roles are also beneficial when you assign a group of users the same set of permissions.