I'm just starting out testing Sugar and I have just started looking into roles. It seems to me that roles are backwards as far as how permissions are granted. Since the most restrictive permission from all the roles assigned to a user, adding a user to a roll would take away permissions. This just doesn't seem right.

What I would like to do is create roles like Sales, Support, Accounting, etc. If a user was in both Sales and Support, that user should be able to have access to everything that the Sales and Support roles grant. Instead that user would only get what permissions overlap between Sales and Support. Now that user can't really do Sales or Support.

What am I missing here? Is there a way to change roles to grant permissions instead of restrict them?