Let's say, you only want accounting clerks to work with the current year's data and have read-only access to historic content. If you try to do this with role-based security the picture will get really ugly.
Now if you split your accounting into payable and receivable, it will get even messier. What are we going to do about it?
Role-based security that we just looked at is lock number one on the door. Sometimes you'd want a more detailed control than it can give you. We need more locks on that door!
If Debbie is in Accounts Receivable and tries to access any content in Accounting then our lock #1, the role-based security, will be open. But we need lock #2 to be closed when she accidentally tries to modify a historic record or a document in Accounts Payable.