Inside the Roles Tab, define the Author and Auditor roles according to the use cases.
In ERP5, all documents should follow the 5A Security model in which
users are associated with roles in a per-module and/or per-document basis. An
Author role should be assigned to all persons who have the right to create a
new document inside a module. Those persons should also have an Auditor role
because an Auditor is allowed to view documents, but not to create them. To
avoid the repetitions in the roles, we can define many roles for the same
"type" of person. For that, we just need to separate the roles by a ";"
for example, in the field Role, we will have Author;Auditor. All the persons
who have the possibility to access to a document to validate it or to modify
it after it has been created should have an Auditor role on the module.