There are 4 different "roles" that a user can have in SEP.
Can secure and unsecure the whole document, edit settings, edit content, add/ remove users to the access list
A contributor can edit and modify document but cannot add/remove users, or unsecure the document.
A reader can only fetch contents and view, not write back to the secured area.
No access – cannot access the document, this role has precedence over other user added roles
[No access not a role, it is a negative right that has precedence over other user added roles.
If a user is added trough a group to read and then later on as no access all users in the group but the user with no access can read.]