Lianja has Security Roles that control entry into the application (including which database is used, through specification of the domain, which determines tenancy). Those same Roles can be used throughout the application to control visibility and data operations (add/delete/update). These role assignments are baked into the application, and the assignments of role to UI object cannot be changed at runtime. You can change what roles a user has, but that's it.
Fortunately, Lianja also allows creating dynamic permissions for any UI object, using dynamic role assignment. This allows developers to assign permissions to any UI object, assigning CRUD (Create Read Update Delete) permissions. These permissions are evaluated at runtime. With a suitable interface availabe for your installers, or in fact for advanced users, permissions are entirely settable in deployed mode throughout the application.
The trick is having an interface that doesn't require typing. :) That's what the PSP Security Manager will provide.