Hello,
I am working on permissions and i have several questions on this theme.
What is the contexual role?
Why the forced role not seen in the log?
If i force a role, does it inherit the permissions from autheticated or should i give all authenticated permissions to the forced role?
Whar is the difference between an auth client and a user ?

When someone does something, the contextual role may apply to the user performing the operation based on the context of what they are trying to do.
For example this contextual role (creator) would apply if I was interacting with a resource that I created.

You can read up more about it in the administrator guide

Not sure what log you’re referring to.
Could you elaborate further?

Forced roles only assure that the given user will have the required set of roles when authenticating via some auth client. The same applies to permitted/prohibited options.
How access control checking works remains unchanged.

A user is someone who is going to log into Corteza – a user, your employee, some automaton runner.
An auth client is something that defines how the authentication will look like; the OAuth2 configuration, what grant type it should use, permitted/prohibited/forced roles, …