A realm is a collection of usernames and passwords, and it includes the roles associated with each of those users. PAS can support one or more realm definitions. A role controls the amount of access a given group of users has. All authorizations in The Progress Application Server are role-based; access privileges cannot be granted on a user-by-user basis.
PAS retains the roles defined in Tomcat's default MemoryRealm, but also adds a set of PAS roles that map to the Tomcat roles and allows for consistency across the product. For example, ROLE_PSCadmin allows unrestricted administrator access, and it maps to Tomcat's admin-gui, admin-script, manager-gui, manager-script, and manager-status roles.