As mentioned earlier, authorization is a process of finding out whether the user, once identified, is permitted to access a resource. This process is implemented by assigning and checking permissions (using roles).
Permission is an action on a resource. The portal provides a full security model incorporated into fine-grained permissions and role-based access control. It will give administrators full control over access and privileges to portlets, layouts, and groups within the portal. This means that there are two main features on permissions. First of all, permissions are fine-grained in the portal. For example, for a given page, permissions could be Add Discussion, Delete Discussion, Update, Update Discussion, Permissions ...