The following article is provided as reference and is not meant to be a "Best Practices" article; it provides some common articles used by Support while working/troubleshooting on Security Roles, Scoping and Permissions.
Patch Management
179733 "What permissions are needed for Patch Management 7.X?"
181049 "How do I add the ability to perform Patch Management Admin processes to an existing canned user?"
`79650 "How do I create and define a security role for scoping in Patch Management?"
163253 "Patch Admin permissions fail to allow change in Software Update Policy Target"
Service Desk / PCAnywhere Solution
179643 "How To Create a Custom Security Role for Remote Control.
Task Management
153971 "How to Create a Security Role that Allows Users to Create Tasks"
Symantec Management Platform
152911 "Adding domain users or groups to Notification Server (NS) security roles"
180291 "Things to know regarding Replication of Security Objects"
152267 "Security Roles disappeared and can no longer be seen in the console"
179664 "How do you add Scoping by Organizational Group to Raw SQL reports?"
178283 "How can I create a Security Role in Notification Server 7 for users that need to run just reports?"
169642 "Troubleshooting missing permissions for Security Roles"
181908 "How to create a custom security role for assets"
171861 "Scope with Security Roles to manage Workstations and Servers"
169642 "Troubleshooting missing permissions for Security Roles"
170964 "How do I find what permission my security role is missing from error message?"
Deployment Solution
152911 "Adding domain users or groups to Notification Server (NS) security roles"
179623 "How to set security rights for the Deployment menu item options in the SMP7 Console"
Symantec Connect articles:
Symantec Connect Videos:
http://www.symantec.com/connect/videos/breaking-inheritance-permissions-ams-video
http://www.symantec.com/connect/videos/creating-user-account-access-smp-video-part-1
http://www.symantec.com/connect/videos/creating-limited-itms-administrator-role-video