UserRoles
The original tikiwiki had users groups as a means of identifying different types of users such as registered users or editors. This mirrors the user and group structure in Linux, but does cause confusion where 'groups' have other meanings and are used for sub-groups of registered users. Since most of our own customers are arms length from the operating system, reclassifying user groups as 'roles' makes a lot of sense. There is little difference between the user groups and roles functionally, but this particular functionality makes more sense to clients when one adds roles like 'accounts', 'dj', 'duty guard' and other organizational functions.
There have been a number of additions to the roles process, which is complemented on all our sites by the Protector service. This limits content within a package to the roles that a user has assigned. One of the 'additions' to the protector service was to allow assignment to multiple roles. This can cause confusion, when users can be assigned to multiple roles as well. My own preferred method of working is to limit a content item to a single role, and then we know who is allowed access to each item. Some of the todo list for protector would be useful now, but on the whole, users are not presented with links to protected pages if the content flow is correctly managed.
The main reason for wanting to tidy this up originally was the problem of assigning admin roles to managers on the multisites package. The page for that needs updating a little, but the enquirysolve site is running nicely with both multisites and protector, along with a modified user authentication which limits user table management to a particular sub-site and a local manager role can manage that without needing site 'admin' permission on the account.