* Permissions are granted to roles (and only to roles) in order to allow
something to users or groups which have these roles.
* Roles are used to grant permissions. Typical roles are *Reader*, *Manager*
* Local roles are roles which are assigned to users and groups for a specific
* Users are actors which may need a permission to do something within the
* Users can be member of several groups.
* Groups combines users together.
* Groups can have roles (these are considered as global).
* Groups can have local roles, that is roles for a specific object.