Role-based access control rules are similar to firewall rules, except they are applied to members sharing a specific role. This enables you to grant system permissions to a specific role, based on their IP addresses.
Create rules specifying which addresses to accept and which ones to discard when the addresses are associated with a specific role. See Creating Role-Based Access Control Rules.
Changes made do not affect users currently logged in until the next login.