Roles are defined in the database (table security_roles)
New roles have to be added to the database during deploy
Problem 1: not easy for deployments, sometimes deploy commands are needed
Problem 2: dynamic roles are impossible, for example a manager role per website
We keep the roles in the database, but only the roles that have been assigned to a group or user (the roles that are in use)
When assigning roles to a user or group (currently only at /admin/group/1) the available roles will be read from the application, in two ways:
XML file per bundle (Resources/config/roles/roles.xml)
Event listener (can be used for dynamic roles), like the one for the MenuBundle
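A sketch of how the two sources could be merged into the list of assignable roles. This is an added example, not the project's code: the roles.xml layout, the role names, the ROLE_ naming rule and the listener shape (a plain callable) are all assumptions.

```php
<?php
// Constructed sample of one bundle's Resources/config/roles/roles.xml (assumed layout).
const SAMPLE_ROLES_XML = <<<XML
<roles>
    <role name="ROLE_NEWS_EDITOR"/>
    <role name="ROLE_NEWS_PUBLISHER"/>
    <role name="not a role"/>
</roles>
XML;

/** Assumed naming rule: only ROLE_-prefixed upper-case names are offered. */
function isValidRoleName(string $name): bool
{
    return preg_match('/^ROLE_[A-Z0-9_]+$/', $name) === 1;
}

/** Static roles: the names declared in one bundle's XML file. */
function rolesFromXml(string $xml): array
{
    $doc = simplexml_load_string($xml);
    $names = [];
    foreach (($doc === false ? [] : $doc->role) as $role) {
        $names[] = (string) $role['name'];
    }
    return $names;
}

/** Dynamic roles: a hypothetical listener contributing one manager role per website. */
function websiteManagerListener(array $websiteIds): callable
{
    return fn (): array => array_map(
        fn (int $id): string => "ROLE_WEBSITE_{$id}_MANAGER",
        $websiteIds
    );
}

/** Merge both sources, drop malformed or duplicate names, and sort for display. */
function collectAvailableRoles(array $xmlDocuments, array $listeners): array
{
    $roles = array_merge(...array_map('rolesFromXml', $xmlDocuments));
    foreach ($listeners as $listener) {
        $roles = array_merge($roles, $listener());
    }
    $roles = array_unique(array_filter($roles, 'isValidRoleName'));
    sort($roles);
    return $roles;
}
print_r(collectAvailableRoles([SAMPLE_ROLES_XML], [websiteManagerListener([1, 2])]));
```

Validating names at the merge point means a malformed XML entry or a misbehaving listener cannot put an arbitrary string on the assignment screen, and from there into security_roles.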