ACEs control which actions may be processed by a certain user and are defined for each role with a specific set of rules.
You can call the View user ACEs dialog for each individual user and thus check his authorizations.
Optionally you can filter before.
Detailed information on this is found under Section 1.1.3, “Find users”.
In the user table, in the desired user row, in the Actions column click on the ACEs action.