On the Access rights tab, which is present when you have selected a new or existing data source in an application in the Application browser, you can restrict access to this data source, dependent on the user (login name in Windows) and its assigned role.
Click here for information on how to edit properties in general. On the current tab you'll find the following settings:

Access

Here you may define which Roles have which Access rights to this data source. You can indicate for each role whether no access (None), Read access, Write access or Full access must apply.
The access rights that you assign to a role for a data source must be at least as extensive as the most extensive rights to the same role for a method.
Any restrictions imposed here are additional/complementary to the restrictions defined in the database setup. Users who have had their access restricted in the database setup will therefore not be afforded greater levels of access through the application setup.
If a role is not linked to this data source, then each user linked to that role has full access by default. If no role is linked to the data source, every user linked to a role has full access. A user without a role always has full access. Users are assigned to roles in the application setup.

A role that has None access rights applied to a data source, means that users with this role don't get to see this data source in the Select data source window in the application; they can work with the rest of the application though.
A user that has read-access to a data source can search and display records, but cannot edit them or create new records in this data source.
Do note that applying limiting access rights on data source level may not be as save as applying them on database level. For instance, excluding users from writing in a data source, still allows them to create, force or edit linked records in it from another data source to which they do have write-access! If you want to make it impossible for certain users to create or edit records, you are better off setting these access rights in the database setup.

See also

Security in Axiell Collections