Access control is critical to the security of our application. Beyond proper credential encryption, hashing, SALTing etc, access control is the next line of defense in protecting our users data.
When giving elevated access to a User for a particular part of the system, we use a methodology called RBAC. This means that we create Roles where we assign permissions and apply filter policies. These Roles then get assigned to Users who have their CRUD access to Lists, Records, and Fields determined accordingly.