In this session we will look at authorities and permissions and how they are combined to produce an access control list. We will move on to cover ACL inheritance, how and when ACLs are enforced and more general security configuration and customisation. The security configuration for Records Management will be used as an advanced example.