Portal Access Control is single decision point within the WebSphere Portal Server. It controls access to all the protected resources.
The Portal server has a concept of protected resource Ex. Portlet, Page, Xmlaccess,.. Portal defines set of actions that can be performed on the resource Ex. Creating a page, deleting a page, updating a page,... In order to control what all actions a user can perform on resource portal has introduced concept of role. Ex. User role means you can perform only read action and admin role means you can perform read, add, update and delete action. So when you want a user John Doe to only view particular page but not update and delete the page then you should assign User role to him for that page. But if you want user John Doe to be able to update and delete page then you should assign him Manager role which allows him to perform update, delete actions on that resource.