Security profiles apply to both internal and external users. By organizing SIDs into a hierarchical structure, similar business processes that are shared between various users can easily be distributed without having to manually declare all of the secured elements for each role. Each security role can be made up of any number of security groups, which in turn are made up of related security identifiers. Any changes made to a security role must be published before they can take effect.
Authorization evaluates a user's access to secured elements in the application based on his or her user security role. Every authorized user is assigned a security role; therefore, it is possible to authorize every user against any secured element of an application. External users are more restricted than internal users in what they can access.