The security structure in Finance and Operations apps is role-based, and all users must be assigned a role to gain access to the application.
Role-based security uses a hierarchy, with permissions representing the most granular security control and roles representing the least granular control. Permissions are assigned to privileges, privileges are assigned to duties, and duties are assigned to roles. A role represents the broad, daily responsibilities for a job. A duty correlates to a business process. A privilege represents access to perform a job task. Lastly, a permission represents access to a securable object, such as a specific button, field, or page in the user interface.
While users are assigned to roles in the Finance and Operations apps application by using the System administration module, new roles, duties, privileges, and permissions are created in Visual Studio. A data security policy denies access to certain elements in the user interface. By using the XDS framework, you can assign data security policies to roles.
Security permissions policies define access to various parts of the system and are created based on queries. Many security policies exist in the AOT, but like other security elements, you can create new security policies by adding an item to your project in the Solution Explorer window.