The user permissions control is very simple in AX 2009, The user group is assign the direct access of the AX elements basing on 'Menu', 'SecurityKey' and 'Service' etc. User will be grant all the permissions inheriting from the user group who belongs to.
The user permission control becomes very complex, it is a fully new concept in AX 2012. Each user will belongs to the different role. The role is a performer in the company who has a series of different work duty. The duty contains serveral different privileges which has the direct access control of 'Tables', 'Server Methods', 'Forms' and 'Entry Points'. We can find all this features locating in the AOT node 'Security'.
Code Permissions : Server methods access control, pls. refer to MSDN. http://msdn.microsoft.com/en-us/library/gg880012.aspx
Process Cycles : A group of duty that has the same bussiness logic, it is used to search and assign the permission to the role.
Policies : Stop the user to access the appointed tables. pls. refer to MSDN. http://msdn.microsoft.com/EN-US/library/hh272121