In a previous chapter, we learned about how access controls (AKA security rules/ACLs) control whether a user can access a record, or perform a certain operation upon it (read, write, delete, and so on). Access controls have a great deal of functionality without scripting, but do have the capability to execute server side scripts if the Advanced tick-box is checked:

This script should evaluate to either true or false, depending on whether the ACL should allow or deny access.

Don't forget that for a user to pass an ACL challenge, all three conditions (the condition builder, roles list, and script) must all be satisfied!