Access levels define the level to which a user can perform read, create, update, delete, and other actions on an entity. We can understand the access-level hierarchy with the following diagram:

Let's discuss these access levels in detail, as follows.

• None: If the access level is set to None, the user can't perform any access on any level of the entity record.
• The User access level allows the user to access entity records owned by them, shared with them, and assigned to them. All these operations can be associated with the user directly or can be done by their team. For example, a user can access records owned by themself or by their team.
• A Business Unit access level allows users to access records within their business unit. They can access records for all the other users available under their business unit. Let's imagine that a manager of a business wants to access records from all the users under their business unit. We can thus configure business unit-level access to the manager. Business unit-level access means the user will have user-level access automatically.
• A Parent Child Business Unit access level allows a user to access data from their business unit as well as all the child business under their business unit.

Now that we know about security roles, let's look at how we can customize them.

Navigate to Settings | Security and click on Security Roles. Let's open the Salesperson security role and customize it. Take the following steps to customize it:

1. Open the solution that we are using to store our customization.
2. Navigate to the Security Roles link and click on Add Existing.
3. Select the Salesperson role from the available security roles.
4. Change the role name to HIMBAP Auto Service.
5. Navigate to the Custom Entities tab and, in the Make entity row, select all the privileges, as shown in the following screenshot:

In the preceding screenshot, we have set the Make access level for the organization, which means any user who has the HIMBAP Auto Service security role will be able to access the Make record created by all the organization's users. Similarly, we can do the same thing for the Model, Year, and Vehicle entities as well. Click on the Save and Close button to save our changes. Similarly, we can customize other security roles based on our requirements, or we can create a new security role. We can assign a security role to an individual user, or we can use owner teams, whereby security roles are assigned to a team and security roles are inherited by team members.