A user can belong to one or more groups. Groups let you assign and manage roles for users collectively.

Roles are an essential concept in the on-premises Controller. Roles determine what users can view or perform on the Controller, including which business applications they can monitor and the types of configurations they can make. Parts of the Controller are not visible to users whose roles do not authorize access to those features. A user or group can have more than one role but should have at least one.

Splunk AppDynamics comes with a set of predefined roles, but you can add your own, particularly to set up user access by the business application. See Roles and Permissions.