"Roles control the availability of application features such as certain menu items, plug-ins, and buttons. In the initial configuration, registered users have almost all non-administrative capabilities. In many cases, this is appropriate and sufficient." Roles and Capabilities were introduced in SAS 9.2 and this paper gives a nice summary overview of what SAS Roles are, how they relate to capabilities and the effect they have on some of the SAS clients. http://support.sas.com/resources/papers/proceedings10/324-2010.pdf
Sorry Andrew, I disagree. At first SAS used the word roles for menu tailoring. Rbac role based accès control is a security principle but menu tailoring is not. The new word capabilities is better for menu tailoring. You cannot implement security by menu tailoring it is just helping not experienced users to see an overweight number of menu choices.