The list of operations in AzMan is the list of REST API functions exposed by the application. So 2 different tenants are sharing this list.
For example, if I take a simplistic example of a calculator application, the operations (REST API) would be Add, Subtract, Multiply and Divide.
Then in each tenant, we define custom roles / tasks that aggregate the possible operations. So for tenant 1 we could have Admin = (Add + Subtract + Multiply + Divide) and Simple = (Add + Subtract),
and for tenant 2 we could have something very different like Consultant = (Add + Multiply) and Manager = (Divide + Subtract).
Each user gets assigned to a collection of roles, and then when they try to access a function of the API, we can check that their roles cover this operation.
Let me know if this looks clearer to you.
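
The scheme described in the post above, as an added example that is not part of the original post and does not use the AzMan API: a plain-Python model of a shared operation list with per-tenant role definitions and a deny-by-default check. The tenant keys, the user names `alice`, `bob` and `carol`, and the functions `validate_roles` and `is_allowed` are assumptions made for illustration.

```python
# Added illustration: models the scheme in plain Python, not the AzMan API.

# Operations are application-wide: one entry per REST API function.
OPERATIONS = frozenset({"Add", "Subtract", "Multiply", "Divide"})

# Role definitions are per tenant; each role aggregates operations.
TENANT_ROLES = {
    "tenant1": {
        "Admin": {"Add", "Subtract", "Multiply", "Divide"},
        "Simple": {"Add", "Subtract"},
    },
    "tenant2": {
        "Consultant": {"Add", "Multiply"},
        "Manager": {"Divide", "Subtract"},
    },
}

# Constructed sample users: (tenant, user) -> assigned role names.
ASSIGNMENTS = {
    ("tenant1", "alice"): {"Simple"},
    ("tenant2", "bob"): {"Consultant", "Manager"},
    ("tenant2", "carol"): {"Admin"},  # "Admin" is not defined in tenant2
}


def validate_roles(tenant_roles, operations=OPERATIONS):
    """Return (tenant, role, op) triples that reference an unknown operation."""
    return [
        (tenant, role, op)
        for tenant, roles in tenant_roles.items()
        for role, ops in roles.items()
        for op in sorted(ops - operations)
    ]


def is_allowed(tenant, user, operation):
    """Deny by default; allow only if a role of the user's own tenant covers it."""
    if operation not in OPERATIONS:
        return False
    roles = TENANT_ROLES.get(tenant, {})
    assigned = ASSIGNMENTS.get((tenant, user), set())
    # A role name is resolved only inside the caller's tenant, so an
    # assignment to a role the tenant never defined grants nothing.
    return any(operation in roles.get(name, ()) for name in assigned)
```

Running `validate_roles` whenever a tenant edits its roles catches a role that names an operation the application does not expose.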