Several tags are secured with a username and password (see the docs). This allows group level security on tags such as SAFILE which can manipulate files using absolute path names.
The SAUSERCONTEXT tag can be used to control access to these special tags, and even datasources.
SteelArrow can also act as a filter to control user access to directories, or files.