newgrp has nothing to do with security roles...
It sets the processes group id - which in most systems is irrelevent. All groups are available.
Groups are defined as collections of users, group access is granted to files based on the file group.
Normally, (see getgroups/setgroups) all groups are in the process access list. A process may access a file if the file belongs to the user (the owner of the file), or if the file group identifier match on of the groups in the users group list. That access is still limited by the corresponding permissions flags on the file.
Groups HAVE been overloaded with some "role" definitions - but these are only overloaded, and not a good use of groups. The use of a group as a role was supported by the set group id flag, AND by utilities like sudo - where a group name also matches a security control. It assumes that the group name is NOT used for files... but once a user is in the group, that user can then apply the group to a file, even if it isn't what the group was for.
This overloaded use worked where systems did not support true "roles". The overloaded use was just a workaround.
Linux has true role definition - supported by SELinux models, and can be applied to files, users, and or processes.