The basic scenario for authorization is to give a user one or more roles in an application. The same user can of course ha a different set of roles in another application.
But what if the same user has different relations to the application?
Example: insurance company
- Employee (need superadmin privileges )
- Customer (basic privileges to see and modify own insurances)