Roles in Stratum allow you to define what information a user has access to. This can be for dimensions (things like divisions, business units, regions etc.) and measures (things like costs, GL amounts, margins etc.). A user can be assigned a role in two ways – directly in the User Profile admin function or via a User Profile Group, in which a role to specified for multiple users in one place. The help for roles and security in Stratum is pretty good and you can read a good overview here.
Security in Stratum is easy to set up and allows you to specify a specific dimension value – say a division – to limit users to, or you can set up a list of values – say a list of territory’s – they should have access to.
I would recommend you apply security at the ‘highest’ level possible, like a division vs. a ‘lower’ level like customer. Maintaining lists of 100s or 1000s of customers is annoying and error prone while a list of a few divisions is much easier to manage and less error prone.
The other part of the security puzzle in Stratum is User Profile Groups – which also allow you to assign which View Groups a user see’s when they sign on, what homepage they see and if they see some of the Stratum management options. Although the User Profile Group is not a security thing in and of itself it does allow you to group multiple users together and then assign them a Role.
Quick overview of security – hope it helps – check out the link to the help for more detail.