Within Commander4j security is defined by adding a user to one or more groups. Each group has one or more modules defined for it. There are a number of default/demo groups defined by default.
The above screen allows you to see the groups which are defined within the system. Don't delete any groups until you have determined that they are not needed otherwise there is a danger you can lock yourself out of the application. You can safely create new groups and test them against a test user account. To assign options (modules) to a group, select that group from the list and then click on the Permissions button.