System administrators now have the ability to set up and configure applier teams, roles and permissions due to the new resource-based authorization model.

Prior to this release, users and roles were defined through Active directory groups. 
To reduce the dependency on internal operations, we’ve introduced a new separate database for users and roles. This means that the product owner him/herself can add/remove users and assign roles directly from the system, without the intervention of the IT-department. 

Now you can also get an additional dimension, when defining your permissions-schema: Ownership. Before you could only assign access to a group of objects; e.g. user can read Plants or Main Systems, but you could not differentiate which plants or main systems the user had access to.  The benefit of assigning permissions is that it is now possible to  choose between whether the user has access to all objects or only owned objects.