Just working on setting up our administrator accounts in ZCM and seem to have hit a bit of a snag.

I want to set rights for, say Remote Control and Bundles and ideally restrict those to certain containers e.g. workstations for remote control and a "development" folder for bundles. First thought is to create a role, assign the rights and add the required users. Problem is there's no context available for the rights so it seems they apply globally (?) and then after I set them the user still has (None - rights are not effective) next to their name?

After reading back through my manuals there seems to be another method of achieving basically the same thing by using Administrator Groups. In this case I can set the rights with an associated context as I want for the example above, although I have to drill down into the group rights to see them (in this case the effective permissions don't appear in the Rights tab when looking at the Administrator's Assigned Rights details)

So basically what I'm wondering is why do I have roles and groups if they're pretty much doing the same thing in different ways? The ZCM manual I have glosses over this section, basically just saying you can create either but with no particular logic as to when you'd use each one