1. A rule consists of actions and the resources upon which the actions are permissible
2.Document-level access control allows developers to grant users privileges that are scoped to specific record
3.Each privilege action in a role can be scoped to a different record
4.None of the mentioned