The role of the person concerned by this ACL.
By default, this can only be ACCESS_ROLE_NONE. Services may extend it with their own namespaced roles.