Security

As a best practice, I recommend not to directly assign roles to any user. Instead, we should first create a relevant group, if one doesn't already exist, and assign roles to this group. A group can have multiple roles assigned and also roles can contain other roles as needed. These features give an immense level of flexibility to the administrators and ensure that things do not get complex.

Administrators can define the Access Control List (ACL) to limit read, write, create, and delete access for field data, records, and tables. With this granular security ability, you may need to create additional groups for elevated permissions (see Chapter 5, Application Scopes).