ApliqoFPM does leverage the security of the underlying TM1 database but comes with pre-configured roles that make the setup of new users straightforward.
Clients are the users that log onto the system. Each client can be assigned to multiple groups that will determine what access rights a user has throughout the application. Generally there is a difference between read or write access to cubes as well as processes that are executed (e.g. to copy data). Additionally element security can be used on certain dimensions, most importantly the company and business segment dimensions to restrict read or write access to certain areas of the business. Setting up the element security has already been explained in the "Dimension Setup" chapter.