A Policy is a container for the privileges associated with a Role. An Assignment causes an individual user to have a Role.
To see which users have which roles, go to Access Control > Assignments.
The Tenant Admin can:
make a Standard user become View Admin or Tenant Admin
make a View Admin user become Standard or Tenant Admin
make a Tenant Admin user become View Admin or Standard
To see which user role is associated with which policy, and how many users are assigned to a given role, go to Access Control > Roles.
To verify that the Tenant Administrator can update users, click TENANT_ADMIN.
To verify that the View Administrator cannot update users, click VIEW_ADMIN.
To view the policies for a role, go to Access Control > Policies and then click the specific policy.
For example, when you click Policies > TENANT_ADMIN, you see the same table as when you click Roles > TENANT_ADMIN. In future releases, the relationship between Policies and Roles might be more complex and powerful.