There isn't sufficient documentation to cover what type of access each security role grants to the user. In general, security documentation is extremely poor. Even our implementation specialist couldn't give us any sort of documentation to help us out. This makes administering security permissions incredibly frustrating. It's often a guessing game and users almost always end up with way more access than they need and access to more areas of the site than you would like.