Groups are used to associate users with one or more roles and therefore, one or permissions to execute commands. When a user is added to a group, that user has authorization to execute any command that has a permission in a role that is part of that group. To put it another way, a user has all the permissions from all the roles added to that group.