eZ publish comes with a built-in permissions system that is similar to the users and groups systems that you find in a standard operating system. The flexibility and depth of the access control system means you have a great deal of control over who does what within the system, both on the front end e.g. for members accessing the site, and for providing different levels of administration, e.g. people that can add content to the entire site or just one section.
Like a normal user/group system, permissions are set and associated with a particular group; users are then assigned to a group and inherit those permissions. The control of permissions can be quite fine grained, but boils down to read, create, edit, and delete.
The access control system in eZ publish uses the following elements:
Users
User groups
Policies
Roles
A user is a valid user in the system.
A user group consists of users and can contain other user groups.
A policy is a rule that provides access to content or functionality...