Authentication using built-in users repository, LDAP, SSO or social networks.

The role-based access control for the data model (entity operations and attributes), UI screens and arbitrary named permissions. For example, John Doe can view documents, but cannot create, update or delete them. He also can view all document attributes except amount.

Row-level data access control - ability to specify rights to particular entity instances. For example, John Doe can view documents that have been created in his department only.