Misconceptions
Roles are not hierarchical
Each role grants access to features in RightScale and there is not one role that can grant all privileges. This means the Enterprise manager role will not allow you access to all parts of RightScale.
Optima roles should be applied under the master account and org
Roles that are to be used on optima should be applied to both the org and master account to help prevent issues.
Policy roles issues.
A common issue with Policies is them failing due to role issues. When running a policy the policy will use your access rights on different accounts. This means that you should make sure you have the required roles to run the policy.
Roles and Groups
RightScale also allows you to use groups to assign roles. These groups allow you create set access rights that you then assign people to.
Privileges
The below document explains the privileges roles grant.
https://docs.rightscale.com/cm/ref/user_role_privs.html#overview