You can define roles to be mutually exclusive either at the membership level, or at the activation level. For example:
You may not want to grant both the “payment_requestor” and “payment_approver” roles to the same user.
A user might be granted both the “senior_auditor” and the “equipment_buyer” roles, but you may not want to permit the user to have both roles enabled at the same time.
You can define system roles, as well as user-defined roles, to be in a role hierarchy or to be mutually exclusive. For example, you might want a “super_user” role to contain the system administrator, operator, and technical support roles. Additionally, you may want to define the system administrator and system security officer roles to be mutually exclusive for membership; that is, a single user cannot be granted both roles.
