The Faking User Roles document in SDN appears to give exactly what I need. I have a few "roles" that I have access to through stored procedure calls I don't control, read-only, via a CRM I don't have direct access to.
Unfortunately, I can't find the method AddRole, or even the class UserItem, by its present name. Does this functionality exist in Sitecore 6.2? If so, where is it?
THis is a good question for SDN (sdn.sitecore.net). For Virtual Users, look at the AuthenticationManager class. For managing users and roles, look at Sitecore.Security.Accounts namespace.
It seems that the code you're referencing to is for previous versions of Sitecore, I guess, 5.3.X. The security model has changed starting from 6.0 to take advantage of the ASP.NET standard security model.
In order to pull extra roles to Sitecore live from another source, you should implement an extra role provider, add it to the web.config and enable switchers. This article will give you a good overview. Just remember the general thing: Sitecore security (starting from 6.0) relies on ASP.NET security much, so what's possible in ASP.NET should be possible in Sitecore.
If one day you get the direct acccess to CRM, you should be able to use the standard Sitecore CRM security provider to obtain contacts and groups from CRM.
Hope this helps.
Without checking, I'm fairly sure your SDN reference only applies to Sitecore 5.x. The entire security model was redone in 6.x and there is no backwards compatibility.
If I understand what you want to do correctly however, your task is fairly simple. You need to create a RoleProvider, 100% per standard ASP.NET as directed on MSDN (http://msdn.microsoft.com/en-us/library/aa478950.aspx).
Next, you hook this into your Sitecore solution and configure Sitecore to "switcher" mode.
<roleManager defaultProvider="switcher" enabled="true">
<providers>
<clear/>
<add name="sitecore" type="Sitecore.Security.SitecoreRoleProvider, Sitecore.Kernel" realProviderName="sql" raiseEvents="true"/>
<add name="sql" type="System.Web.Security.SqlRoleProvider" connectionStringName="core" applicationName="sitecore"/>
<add name="your" type="RoleProvider, Here" applicationName="sitecore"/>
<add name="switcher" type="Sitecore.Security.SwitchingRoleProvider, Sitecore.Kernel" applicationName="sitecore" mappings="switchingProviders/roleManager"/>
</providers>
And that's more or less it. Your roles will now appear just as any and all other roles in Sitecore, and can be assigned to users and/or roles for whatever purpose you're needing.