VEVA has its own authorization system. Its main goals are speed and hierarchy-based authorization, where privileges are inherited down the entity hierarchy.
So if a user has view privileges on the root node, that user has view privileges on all child nodes of the root.
A basic hierarchy tree looks something like this:
Root
Websites
Pages
Page..
Assets
Folders..
File
Documents
ModelsFolders
Models
List
GlobalEntites
More granularity can be implemented as needed.
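
The inheritance rule described above can be checked by walking from an entity up to the root and collecting every grant found on the way. This is an added sketch, not VEVA's own code: the `Node` class, the function names, the users, and the nesting chosen for the sample tree are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Node:
    """Hypothetical entity in the hierarchy (not a VEVA type)."""
    name: str
    parent: Optional["Node"] = None
    # Privileges granted directly on this node: user -> set of privilege names
    grants: dict = field(default_factory=dict)

    def grant(self, user: str, privilege: str) -> None:
        self.grants.setdefault(user, set()).add(privilege)


def effective_privileges(node: Optional[Node], user: str) -> set:
    """Union of the grants on the node and on every ancestor up to the root."""
    result, seen = set(), set()
    while node is not None:
        if id(node) in seen:
            # A corrupted parent link must not turn the check into an endless loop
            raise ValueError("cycle in entity hierarchy")
        seen.add(id(node))
        result |= node.grants.get(user, set())
        node = node.parent
    return result


def has_privilege(node: Node, user: str, privilege: str) -> bool:
    return privilege in effective_privileges(node, user)


# Constructed sample tree; the nesting below is assumed for the example.
root = Node("Root")
websites = Node("Websites", root)
pages = Node("Pages", websites)
page = Node("Page", pages)
assets = Node("Assets", root)

root.grant("alice", "view")   # inherited by every node below Root
pages.grant("bob", "edit")    # inherited only by the Pages subtree

if __name__ == "__main__":
    for n in (root, websites, pages, page, assets):
        print(n.name, sorted(effective_privileges(n, "alice")),
              sorted(effective_privileges(n, "bob")))
```

A grant never flows upward or sideways: `bob` can edit `Page` but not `Websites` or `Assets`.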