If you are doing wired 802.1x, the initial role is not really applied in the AAA profile. The 802.1x default role would be applied. The initial role would be applied when doing wired 802.1x and the user does not pass 802.1x. In wireless, if the user does not pass, he is not allowed to pass traffic, period.