Dave, a 'role' is not a sub-group, which is essentially what a rel_segment represents. A rel_segment is a group of users which have a defined relationship to a specific group. A group, in OpenACS is a collection of parties. A 'role' is a collection of rights on objects. We don't have an explicit 'role' in OpenACS. If you assign someone to an admin rel_segment of a group, they don't get anything from that. The application has to 'assume' a meaning of that membership type, implicitly creating a role. But there is no data model, no table where roles are defined in OpenACS.
I think workflow has it's own user->role map. My query-writer package uses rel_segments to place users in a role, but the role itself is defined in separate tables, separate from the application.
