It’s a reasonably well-known fact that recreating roles from scratch and adding all privileges to replicate one of the system roles is not the same as copying that system role. There are some hidden privileges that are not exposed via security dialog.

This topic has been discussed and documented for CRM 4.0 and for CRM 2011.

In CRM 2013 the role dialog has been seriously cleaned up and hidden roles were no more (for example, previously missing prvCreateApplicationFile privilege is now explicitly exposed via Application File entity).

Enter SP1. If you create new role and make it radiate green by ticking all the boxes, turns out that this role will be missing some 64 privileges that are in the System administrator role (helpful script). Comes as no surprise that most of the missing privileges are related to new SP1 functionality in the area of SLAs and entitlements. Unless security dialog is completely revised, CRM functionality will always be one step ahead and the advice stands: copying system roles and creating from scratch are not the same.