Continua's security model is based on a hierarchical architecture where permissions on the lower levels are checked before Continua works its way up the security tree. The figure below shows the security architecture for permissions applied to a configuration. It demonstrates that any permissions that are set on a configuration take precedence over it's parent project and global settings.
This security model allows administrators to apply site wide permissions for all users while still being able to drill down and set explicit permissions on individual projects or configurations.
Using this model, you could setup your Continua environment so that everyone can edit all the configurations except a 'Release' configuration, which is only editable by administrators.
This model also supports divisioning of projects and configurations. You could setup your environment so that each section of your business can only access their own projects and in turn, their own configurations. The example below demonstrates how you can split up your Continua environment to suit your business.