Access control is always one of those topics that people are either really excited to hear about or bored out of their mind hearing about, so I won't spend too much time on it. The fact is that access control plays a huge part in a system like Nova NextGen. Some game masters want their players to have more control, others want less. Games are rarely identical when it comes to this, so it's important to have something that's granular and allows for game masters to really fine tune the access their members have.
In Nova, I moved everything over to a role-based system, which is a lot easier to manage than the previous way of doing things. But a single role for each user made managing things more of a pain. If you really got into situations where you wanted different people to have different permissions, you'd end up having to create new roles just for a single person. Then managing all those different permissions for the different roles would be a lot more cumbersome.
The general idea behind the changes in Nova NextGen's access control system is to use lots of small roles and assign all of the roles that apply directly to the user. Each role is made up of a lot more permissions too, so it's easier to create a role that allows someone to edit something, but not create or delete. There will be tons of permissions with Nova NextGen, so picking and choosing exactly what you want in a role will be easy.
And since the idea is to use lots of small roles, it means you won't have to duplicate permissions across roles. Want someone to be able to manage positions but not departments? Just make sure you have a role specific to managing positions and only select the permissions you need for that. Not only does it simplify things on the backend, but it also gives you more control over your game.