The 1C:Enterprise user rights editor can be used to perform visual customization (with no coding) of the access rights in the configuration, define sets of roles, and define user rights in Entity/Role/Action dimensions. Therefore, the developer can "construct" the roles (manager, accountant, salesperson) and specify the rights to access certain entities for each role (for instance, a manager can edit the inventory catalog, while a salesperson can only view the catalog, etc.). You can, however, select multiple simultaneous roles for each user in the system.
Another important aspect of 1C:Enterprise is the support for both low-level and interactive access rights. Through the interactive rights setting feature, the developer can limit interactive user access to certain system objects but allow program access to these objects in the event that the permitted user actions initiate corresponding data processor. With this feature, the developer does not have to tediously program interfaces (by disabling certain menu items, buttons, etc.). Low-level rights fully block user access to certain objects or functions, regardless of the algorithms called.
1C:Enterprise supports software-based role/rights verification (from the script). Through this, the developer can enhance the rights differentiation system in accordance with the requirements of a certain applied solution by creating (programming) verifications that are not provided by the system automatically.