Permissions
Permissions define what a user or role may do. They can allow broad actions such as viewing a record type, creating records, updating records, managing comments, or administering a configuration area.
A permission is not always enough by itself. Some record types also use record-specific assignments, field access, or delegated access, so a user may have a general capability but only exercise it on records where the access rules allow it.