Liferay Portal introduces a new security model that incorporates a fine-grained permissioning system to give administrators full control over access and privileges to portlets and objects within the portal. In all prior releases, permissioning was handled on a per portlet basis and was therefore limited in use and difficult to maintain. In this new release, the vast majority of permissioning logic has been extracted into its own framework so that the integration of permissioning into new portlets is minimal. In addition, the permissioning logic has been greatly enhanced so that administrators can finely tune security within the portal. This document begins by giving a high-level overview of all the entities involved in the security model. Some entities have always existed in the portal and should be familiar to administrators, but others are brand new and therefore require definition and explanation. Next, a discussion of all of the ways to assign permissions to users is given in a use case format.