To give users an access to your website you need to assign them Roles in the Admin Panel.
Each Role consists of:
Rules that give users access to different function in a module. You can restrict what user can do with Limitations. The available Limitations depend on the chosen Policy. When Policy has more than one Limitation, all of them have to apply. See example use case.
Limitation specifies what a User can do, not what they can't do.
Location Limitation, for example, gives the User access to content with a specific Location,
not prohibits it. See Limitation reference for further information.
After you created all Policies, you can assign the Role to Users and/or User Groups with possible additional Limitations. Every User or User Group can have multiple Roles. A User can also belong to many groups, for example, Administrators, Editors, Subscribers.
Best practice is to avoid assigning Roles to Users directly. Model your content (Content Types, Sections, Locations etc.) in a way that can be accessed by generic Roles. That way system will be more secure and easier to manage. This approach also improves performance. Role assignments and Policies are taken into account during search/load queries.