Permissions for actions come from which security group(s) a user belongs to. A user must be a member of at least one security group, and can be a member of multiple groups. The permissions and rights granted to a security group are assigned to all of its members.
Default security groups are included in RB9. These built-in groups have been granted useful collections of rights and permissions. Individual users can be members of multiple security groups, so if someone's responsibilities overlap different areas, such as someone who oversees both calendaring and billing, administrators can give that person access to both areas through membership in different security groups.
In most cases, built-in groups provide all of the capabilities needed by a particular user, but you can add your own groups, if needed. See Managing groups.