string
optional

Type of a role, usually denotes a "layer" or "purpose" of the role. Such as "business", "IT", "asset", etc. This field has no special meaning in the IDM computation logic. Its purpose is to organize roles for presentation (GUI) and management. Therefor it is assumed that the values of the roleType will be an enumeration.
Examples: application, business, it, technical, asset

PolyString
optional

Human-readable name of the role. It may be quite long, container national characters and there is no uniqueness requirement. It is used if the "name" property contains a code that is not entirelly user-friendly.

AssignmentType
optional, multi

See Assignment and Assignment vs Inducement.

AuthorizationType
optional, multi

Set of role authorizations. Authorization define fine-grained access to midPoint objects and system functionality. The authorizations that are defined in a role apply to all users that have this role assigned (such user is a "subject" of the authorizations).
See Authorization

Indication of the level of risk associated with the persissions that this role assigns. This may be a numeric value, textual label are any other suitable machine-processable indication.

Owner of this role. The owner is a person (or group) that is responsible for maintenance of role definition. This reference may point to object of type UserType of OrgType.

ObjectReferenceType

optional, multi

Approvers for this role. The approver is a person (or group) that approves assignment of this role to other users. This reference may point to object of type UserType of OrgType.

Set of governance, risk management, compliance (GRC) and similar policy constraints that influence the identity model.
(since midPoint 3.1.1)