In addition to each user having a SecLev, as described in the "More Info" link below, each category, record (knowledge object), and record's notes (collectively an "item" as used here) has its own SecLev. We do this so you can match such an item to a user, that is, restrict access to view an item only to users who have the matching SecLev or higher.
The SecLev values available to an item are the same as for a user with the exception of "Public". Users can't have a SecLev of "Public" since that really means they have no SecLev. Such a public user may visit your knowledge base by simply knowing its URL. That is a good idea for a portal with lots of helpful information for the public available on a self-serve basis. By changing the value of categories, records, and record notes, you can keep the public out of some or all of your knowledge base.
The fastest way to keep the public out of your entire knowledge base is to change the SecLev of your root category from "Public". You need not change anything else since the public can't get to anything without first passing through the root category.
The same idea holds for categories, records, and record notes. If you want only users with a SecLev of Librarian or higher to view the records in a category, don't mark all those records with a SecLev of Librarian. You can get the same result by just marking the SecLev of that category as Librarian. That approach also avoids users below Librarian viewing the category at all and wondering why they can't see any records there.
The approach of marking the SecLev of a category has one other feature compared to marking individual records that may be good or bad, depending on your situation. If you restrict access to a category, users without sufficient SecLev cannot see that category , including to pass through it to a sub-category that is below it. This is good if it is what you want, but bad if that sub-category contains records you do wish them to see.
If you have a blog record, in another example, describing sensitive security information about how to determine access rights for your users, you may wish to label its SecLev as "SysAdmin" so that only users with a SecLev of "SysAdmin" or "SysAdmin Billing" (which is higher) get to look at that.
Beyond the above use of SecLev to restrict access, you may also use custom access groups to restrict access to particular categories, records, or record notes. See the "More Info" about that.
Note that an item's SecLev determines only whether a particular user may view it, not what they can do after they view it. The user's SecLev determines whether they may only view it or whether they may edit or delete it per the SecLev, User link in "More Info" below.
For a proper overview of how an item's SecLev fits into overall access rights, see Security Access Management in the "More Info" below.