Within your Cordys projects you have functional- and technical roles. These Roles can be used on services and in user interfaces to define ACLs (= Access Control Lists).
This small blog describes a best practice of how to set up the Roles. Currently i always use it like this within my projects and it works fine.
In my opinion there is a big difference between a functional role and a technical role within Cordys. You can define both.
"Is Functional Role" can be checked for a functional role.
Functional Roles should be used for Roles that are known by the business. These are the Roles that are used within Business Processes. These are the Roles that are used to assign Tasks to.
It is best practice to define functional roles within a separate Cordys project.
Within the Functional Roles you can define the UIs that are allowed to be used by that Role.
This has the consequence that there is a dependency from the Organisation project to the project where the UI is defined.
Furthermore within the Sub Roles you put other Functional Roles or Technical Roles that are to be defined within the projects itself. This way you can define what services can be used by the Functional Roles.