If you require more granular access control than the
predefined roles provide, you
can add custom roles to define which permissions are enforced for your
users. Similar to predefined roles, custom roles are a set of
permissions and permission sets. Unlike predefined roles, each custom
role is assignable only to the users in the hierarchy under the
Tenant Service Group (TSG)
where it is defined. This avoids name conflicts between similarly named
custom roles defined by different customers.