SERAM has function-based security controls in place. A function is a distinct operation, such as "Set Value".

In order to define who can do what in SERAM, you can customize and define roles. Each role contains a set of functions, and any user can only perform whatever function is granted (and not denied) by any role owned on a specific resource.

Pre-defined roles exist for the Administrator (non-customizable) and for common roles such as Data Recorder and Data Verifier (customizable).