It would be great if the roles in Eramba you could associate an email with and an LDAP Group. This could be used later for notifications and automated user management within Eramba.
So for example If I have a control where the collaborators are in the ITSupport Team you could send an email to their distribution group without having to create a new local user in Eramba. If the role is associated with this control then anyone who signs into Eramba as part of this role would be able to see what controls they are part of.
If this is associated with a security group in AD you could also then automate user creation and deletion in Eramba. So that when a new team member joins the daily cron could look at the roles and check in AD for any changes to the “member of” and update the User Management in Eramba.