You can access permission configuration from the Administration perspective. The Permissions group allow you to define access rights on the different Data categories and Access rules.
Access rights
Default access rights are set on every data entity of every category according to what each role is expected to do. This is a default configuration that you can change by accessing the categories under the Access rights menu. By defining access rights, we specify for every element that can be an entity, one of its fields or a set of those, if it is displayed and if so, if it is editable for a given user’s role. Access rights are also applicable to operations such as the creation of new records and services such as the import and export of files.
Access rules
While access rights involve user roles and data structure, access rules restrict access according to data values. You can apply them to the occurrences of an entity or to a field. If the field is left undefined, the access rule will determine the access to every occurrence. The example below determines the access to occurrences of the Application: All applications containing the word Secret in their label are hidden from business users. The condition is expressed as an XPath predicate starting at the root of the entity where every field must be seen as a step in the path. See Supported XPath syntax for more information.