You can create an unlimited number of roles and groups. You set the permissions on the role, specify which role a group should have and then on the user you specify which user group she is a member of. A user can have different groups in different projects. Permissions on data (issues, documents, etc) are based on user groups.
Every function in VisionProject can be "access controlled". This way you can also access control the specific tabs per project.
An issue can also have permission. Choose if an issue should be Public, Private or only visible for a number of user groups. You can also make the issue read-only for certain users or user groups.
Individual issue fields can be controlled with permissions, thus allowing only some user groups to see the field data.
Access to comments on an issue can be controlled with permissions, thus allowing only some user groups to see the comment.
This is useful to, for example, separate in-house discussion about an issue from customer related communications on the issue.
This is also the way you control what users have access to different documents in the system.