The following examples describe how to create a general Employee role, a restrictive Manager role, and a role from a contract with ORed credentials. These roles can be used by Access Gateway in Identity Injection policies and by Access Gateway in Authorization policies.