There are three kind of permissions (in a hierarchical order):
READ, WRITE, ALL.
All sub-entities inherit the permission of their logical parent. E.g. WRITE permission on a package leads to WRITE permission on a compound which is stored in the package.
Whenever trying to access a group or a package (including its content) enviPath checks whether the user is allowed to perform the desired operation or not. READ permission allows the user to see the whole content. If only READ permission is granted and the user tries to edit an entity an error message is shown about the user not having the permission to perform the desired operation.
If a user wants to add/edit/delete sub-content of a package or a group they must have at least WRITE permission. Even if a user has WRITE permission they are not allowed to delete a whole group or a package. But the user is able to delete sub-content (e.g. a user with the permission WRITE on example package MyAwesomePackage is able to delete a compound stored in the package but they are not able to delete the package itself.).
The permission ALL is only assigned to the owner (the user who created the package/group). This permission must be granted to delete a whole package or a group.
To assign permissions the webpages of a specific package or group provide an Actions button. After clicking the Actions button the user can click "Permissions", select a user from the dropdown and grant permissions. By unchecking the box of a listed user or group the permission will be revoked. Keep in mind that WRITE implies READ and no READ implies no WRITE.
You can also "publish" a package which means that you allow READ or WRITE permission to the anonymous group. Keep in mind that every user is member of this special group.