When the Automatically create Roles for each Corporate Group feature is selected, a corresponding role is created for each group found in an LDAP directory server. These roles have the same name as their corresponding LDAP group, and the membership of these roles is directly governed by the membership of the LDAP group that it is synchronized with. The membership in this case is fixed and can not be modified. These roles are referred as LDAP roles or LDAP group-synchronized roles.
When using TIBCO Domain Utility to create an administration domain that uses an LDAP directory, if the Automatically create Roles for each Corporate Group feature is not selected, no LDAP group-synchronized roles are created in the TIBCO Administrator GUI for LDAP groups. Instead, each LDAP user is assigned to the root role,
Authenticated Users, in the TIBCO Administrator GUI.