Liferay implements a fine-grained permissions system, used to implement access security in custom plugins. The portal extends the security model by the following terminologies: resources, users, organizations, locations, user groups, communities, roles, permissions, and so on. That is, this is a role-based, fine-grained permission security model.
In order to add permissions in the custom portlets, generally, you would carry out the following four steps:
1. Defining all resources and their permissions—defining resources and permissions.
2. Registering all the resources in the permission system—registering resources.
3. Associating the permissions with resources—assigning permission.
4. Checking the permissions before returning the resources—checking permission.