Recall that authorization pertains to controlling access to functionality. User-specific authorization can be enforced by the client applications as well as the Content Server. Client applications utilize a user's client capability to enforce access control for functionality within the client application. They can also utilize roles to manage access to functionality within the applications. Roles are discussed in Chapter 6, Groups and Roles.
On the other hand, Content Server utilizes basic and extended privileges to enforce access control. As we will see in later chapters, Content Server also enforces object security in addition to these privileges.
dm_user.client_capability attribute stores the client capability ...