Project roles
Project roles represent the job functions of the people who participate in a project or make project requests.
Template developers construct a list of appropriate roles on the Project Roles tab of each project template. Then, when you configure security policies, you select the template and the system displays the template's project roles along with the other access roles. That way you can configure different permissions for different templates based on project roles in addition to system, object, and security roles.
Additionally, within individual templates, you can configure different permissions for different tabs (both custom and default tabs). For example, perhaps participants from one project role shouldn't be allowed to edit the workflow; they should just be able to view it. Or perhaps only the user who participates in a project role named "accounting" for an individual project should be allowed to edit the Budget tab no matter what their other access roles might be.
Custom security for template tabs based on project roles can be disabled, if necessary. To do so, click Settings > Configuration > Plan > umoConfiguration and set the customAccessLevelEnabled configuration property to false.