In XAF applications, permissions are not assigned to a user directly. Users have roles, which in turn are characterized by a permission set. So, each user has one or more roles that determine what actions can be performed. The list of users associated with the current role is exposed via the Role.Users property. Roles can be organized in a hierarchical structure. The Role.ParentRoles and Role.ChildRoles properties define this structure.
In this instance, roles taken into account for the current user are:
roles that are directly assigned to the user;
all child roles of directly assigned roles (recursively).
For instance, you can specify a set of low-level roles, and then associate them with high-level roles. These high-level roles can be assigned to users.