Which two roles are assigned with Domain Separation?

The two roles assigned with Domain Separation are indeed the domain_admin and domain_expand_scope. Understanding these roles is crucial for managing and maintaining instances with domain separation effectively.

The domain_admin role is specifically designed for managing a particular domain within a multi-domain instance. It enables users to make changes to their domain's configurations, manage data accessibility, and control user permissions specific to that domain. This is essential for ensuring that each domain can operate independently while still being part of the larger parent instance.

On the other hand, the domain_expand_scope role allows users to extend their administrative capabilities beyond a single domain. It grants them the ability to manage multiple domains, which is particularly useful for overseeing broader organizational needs and ensuring that domain-specific configurations align with overarching policies.

These roles work together to provide a structured approach to access and control in environments that require domain separation, making it easier for organizations to manage their data security and operational requirements effectively.