|This role is a user role. That is, the role name must be an existing user on the system.
|This role is a group role. That is, the role name must be an existing group on the system.
|This role is a special role, meaning it does not belong to a user or group and does not require an enforced secure policy base to be included in the ruleset.
|Lowercase L. This role has learning enabled.
|This role is an administrative role, thus it has special privileges that normal roles do not have. In particular, this role bypasses the additional ptrace and library loading restrictions.
|This role can use gradm to authenticate to the kernel. A policy for gradm will automatically be added to the role.
|This role does not require authentication. To access this role, use 'gradm -n <rolename>'.
|This role uses Pluggable Authentication Modules (PAM) for authentication.
|This role has Trusted Path Execution (TPE) enabled.
|The role is persistent. When the shell/session in which authorization was done is terminated, spawned processes won't be dropped to non-special role. Do NOT use this flag with any role that does anything but shut the system down.