This video explains the SecurityContext.csv file. Explains the different kinds of entitlements and the role of each column in the file. The entitlements defined in the file can be differentiated into below categories.
1. Entitlements that have to be explicitly granted to users using access requests feature
Ex: Application->View All entitlement is defined in this file. And this entitlement has to be explicitly be granted to user using access requests feature for the user to be able to view all applications.
2. Entitlements automatically granted to users on editing objects.
This mostly applies to business sources, business units and reports.
Ex: When an application is edited and a user is made 'Business Owner' of the application, the relevant 'Application:Business Owner' entitlement is granted immediately to the user on saving the changes to application.
3. Entitlements that are are automatically granted to users.
Ex: Role Owner, Group owner, Supervisor.
Supervisor for example automatically gets entitlements to see and edit all the users reporting to him. This happens because of an entry that is defined in SecurityContext.csv file and that entitlement is assigned automatically to user at the time of user login. These entitlements won't be seen in the Access tab of the users.
The explanation of these entitlements and the columns that differentiate these can be found in the video.
The video Creating custom aveksa entitlements would be a good one to watch after this one.