Permission: Permissions are the most granular security element, and they are used to grant access to specific menu items, fields, and tables.
Role: A role is assigned directly to a user. All other security elements such as duties, privileges, and permissions are contained within the role.
The extensible data security (XDS) framework is used to assign data security policies to security roles, which deny access to a certain table, row, or field.