Typical as soon as I decide I can't find it and drop a message in here I find it:
Role assigned to the user. Predefined roles include:
guest-provisioning: Allows the user to create guest accounts on
a special WebUI page.
location-api-mgmt: Permits access to location API information.
You can log into the CLI; however, you cannot use any CLI
commands.
network-operations: Permits access to Monitoring, Reports,
and Events pages in the WebUI. You can log into the CLI;
however, you can only use a subset of CLI commands to
monitor the controller.
read-only: Permits access to CLI show commands or WebUI
monitoring pages only.
root: Permits access to all management functions on the
controller.