Global permissions are applied to individual roles. Roles can then be assigned to specific users to let them inherit all permissions defined in the role.
To configure the roles access the settings and select the Security section.
To configure roles you must first select the Roles tab (1)
You should now see an overview of the existing roles. You can edit and delete (2) existing roles or create a new one with the Add new button (3). Please note that Administrator and Anonymous are system roles and you should not delete them. You can edit Anonymous though to configure which permissions users should have when they are not logged in.
When editing a role, you will be able to add and remove permissions from the role.
You can use the arrows in the center or double click to add/remove a certain permission.
The permissions are based on a naming scheme. The * symbol serves as a wildcard.
ObjectKind:[scope]:action
So e.g. Project:Jabylon:edit would allow users with this role to edit the project Jabylon. A permission Project:*:view would allow users with this role to gain view access to all projects. The permission * grants all access rights.