Tom,
You are correct. There isn'y anything specifically called "Role" in OpenACS. And a relational_segment does not have built in permissions.
To use it to define a role, you grant the correct permmissions to the relational segment.
Perhaps I left that part out. I have used this to create several different roles in a project management site. So to the administrator, the user iterface says "Add a user as Administrator or Add user as a Staff member" and the application defines the relational segments on each group, grants permissions to the relational segments, and adds or removes users from the relational segments.
My point is that this makes much more sense to users of OpenACS applications so instead of redirecting an admin to the acs-subsite built in permissions page, an alternative would be to build a user interface around the concept of roles.
Its only one model that can be built in OpenACS. Of course even the improved interface with checkboxes for each privilege is a great improvement over the old page.
