Each role must have at least one property. More precisely, you have select among different categories in order to assign a function. You can select among three different categories of permissions:
Set the things permission for all things of the selected networks. If no network has been selected, the permission refers to all things of the organization.
If the things read permission is enable ( 'Enable read' ) it is possible to:
Users with things read permission do neither have the power to add, delete or configure things.
If the things write permission is enable ( 'Enable write' ) it is possible to:
The things write permission also give the things read permission.
If the configuration permission is enable it is possible to:
If the security permission is enable it is possible to:
The security permission also give all other permissions (things and configuration).