To facilitate rights management, they are organized in security profiles. Profiles are associated to members on secured entities to create permissions.
For example, a profile with the "read" right can be associated to the anonymous user type and applicable to a book. Anonymous users are allowed to read the content of that folder.
CKS includes a number of built-in secured profiles.