Adding fine-grained permissions to custom portlets consists of four main steps. This procedure is also known as DRAC.
Define all resources and their permissions.
Register all the resources mentioned in step 1 into the permissions system. This is also known simply as “adding resources”.
Associate the necessary permissions to these resources.
Check permission before returning resources.