The role-based security feature provides a login and authentication mechanism so that content can only be accessed by appropriate users. User groups (roles) can be managed using the ACP. Users can belong to one or more groups.  When the application settings 'Enable group security' option is enabled, group security is enforced. Permissions can be set (granted) on a per content, category or section (Content Type) basis. Individual users, or entire groups can be assigned permissions. The permissions that are available (view,add,edit,approve and delete) depend on the granularity (or "level") of the item. When no permissions are set for a given content, category or section -- the default security settings (based on user access level) are enforced.

Permissions are set using the Web-based ACP