Guard settings control access to the transitions, variables or work lists. If a user possesses any of the permissions or roles specified, or if one of the expressions evaluates as true, then whatever is being guarded is accessible. If no permissions, roles or expressions are specified, access is automatically granted.
You can supply several options in each field by separating them with a semicolon.
The context in which the guards evaluate permissions and roles is
obviously important. In the case of transitions and work lists, it
depends on the category. If it's worklist, then the context is
that of the content object, and local roles will behave just as
you'd expect. If the category is global, then the context will be
the site root, so the local roles between the site root and the
content won't be considered.
[Note: What about variables?]