...
Roles can be assigned to any security principal that is available in the Fedora security context. This can include things like a user, a named IP range, LDAP group or organizational affiliation. You can also assign content roles to the Everyone principal, which is present in every Fedora security context.
Authorization
...
Modules
Fedora 4 will intercept JCR operations in order to enforce policies that are based on the Fedora object model and other node characteristics. While a single Fedora API call may span several JCR operations, these will be joined by a JCR transaction and may all fail together due to a permission check.
...