Operations Sentinel allows the administrator to create roles that grant or deny the user the ability to read or modify managed objects, resource monitor policies, and zones; and to allow the execution of external applications. This role-base security is not extended to Log Policies or Alert Policies.