All access rights in the system are granted to the user by the groups. The group is a bunch of access rights which can be assigned to the one or more user. Each group can be structured from roles or other groups. The important thing is that this two elements can not be mixed in the one group. The main role group definitions are kept in the database table (AR_Groups)1.10.