Screenshot of the Global Configuration title bar

globalconfig-permissionstab-thumbClick on image for an expanded view

This is where you control the default Permission Settings for different user groups for certain actions that they can take on the site. These are the default settings and some of these settings can be modified on a individual level within the User section of the Administrative Interface.

The default User Groups are: Public, Guest, Manager, Administrator, Registered, Author, Editor, Publisher and Super User.  These groups have a hierarchy of Parent groups and Child groups, which determine inherited properties. 

Unless you need to change these settings for a particular reason, it is best to leave the default settings as is. If you do change something, be sure to hit SAVE to keep your changes.

As you look at the Permission Settings screen you will see the User Groups listed vertically on the left, with the selected User Group level in black type. To the right are a series of Actions each with a pull down selector that lets you set the permissions for that action for that User Group. For User Groups other than Public, there is a Calculated Setting that tells you whether that Action is Allowed.

Near the bottom of the screen you see a yellow box with some of the rules and definitions when it comes to changing these settings.

Inherited: means that the permissions from the parent group will be used.

Denied: means that no matter what ever setting the parent group has, the group with a denied setting cannot take this particular action.

Allowed: means that no matter what ever setting the parent group has, the group with a allowed setting can take this particular action.

Access Control Levels, ACL

Users, User Groups and Permissions are all part of what is called ACL, Access Control Levels.  It's a very powerful concept and is explained further on this site under the Understanding User Groups and Access Levels page.