Hi Aqeel,
Thanks for your question. To know which security objects are related to specific forms, you can open them and via the action menu bar Options, you can open the Security diagnostics page. This gives a list of related security roles, duties, and privileges. The naming convention will indicate if a user will have read or full access in case of standard duties and privileges.
Next to this tool, as a system administrator you can right click on a form, then click on the name of the form. This will give you a sidecar dialog with specific information, like the menu item used to open the form. This does work for normal forms, but not for dialogs or reports.
In the preview version of 10.0.43, there is a new User Security Governance module where a task recorder can be used to create new security roles. Some inquiry forms will also show security related information for securable objects.
When having access to a development environment, you can also use some tooling to find the related security objects, but those tools are not aware of possible added security objects via the configuration options.
To be able to create your three roles, use the options above to get a list of duties and/or privileges you need to include in these roles.
I hope this response will get you started in the right direction. Please update the thread with your progress.
