The Access Control page can be found in the administration menu under Security. The access control page lists all the access entries in Continua and allows you to create, edit and delete them.
An access control entry allows you to define fine grain permissions for users and groups at a global level. In it's most simplest form, it allows you to assign Role(s) to Users and Groups. Continua has set up a few defaults for these situations, the Administrator role is assigned to the Administrators group for example. By default, any users in the Guest group have the role of a Guest, which is setup to have no permissions at all. You may decide though that you want guests to be able to see all Configurations in a system. To allow this, you would edit the Guest User entry in the access control list and select the Allow check box for the View Configuration permission. The possibilities are endless and there's more than one way to go about setting permissions. You may find it's easier to just create Roles then assign Users/Groups to that Role. Alternatively you can assign a User/Group a bunch of permissions and not give them a Role at all.
Clicking the "New Entry" link will pop up a dialog with all the input fields needed to create a new access control entry.
The "New Entry" dialog is split into two sections, Roles and Permissions. Click the "Show options to explicitly allow or deny permissions" link to show the permissions section. You can select Roles and Permissions at the same time or even select one or the other.