aPriori Access Control consists of three basic parts:

Groups are collections of users. Every aPriori user belongs to one or more groups. Permissions such as Read, Create, Delete, Update, etc. are associated with Groups. Resources such as components, roll-ups, VPEs, etc. are the targets to which permissions grant or deny actions.

Administrators use these building blocks to reflect your organization's structure, so that individuals have access to the things they need to get their work done, but which protect things from users who should not have access to them.

For example, you might belong to groups that allow you to read and update components from your own department, and which allow you to read -- but not update -- components from related departments. And you may not have any access at all to components from a different division of your company.

This is a very over-simplified example, and your administrator may have implemented a completely different model, but it gives you an idea of how Access Control might affect your day-to-day work.