You can determine which sets of users have access to the data in the context by setting access control rules in the domains associated with the context where the data resides. You can also establish the set of access control permissions users can view and edit when they manage the security of individual objects from within an application context.

Use the Policy Administration utility to create policy rules. For details on domain inheritance and setting policy rules, see Administering Domains and Policies.

Use the Preference Management utility to establish the set of permissions users can view and edit. For details, see Creating and Managing Access Control Rules.

The Team link that is available in each context allows you to set up the role and role memberships; these can be used as the system groups against which the access control rules are set, as described in Managing Access to Data through Team Memberships.

Use the Participant Administration utility to update users who have changed in your user directory service or create and update user-defined groups at the organization level that can be used as team members. For additional information about managing users, user-defined groups, and organizations, see Participants (Users, Groups, and Organizations).

Additionally, you can limit the visibility of the actions in the user interface for users, user-defined groups, and organizations. For more information, see Profile Management.