All Documents saved in an apstrata Store are secured individually with ACLs (from wikipedia: Access Control Lists), allowing developers to specify the Users and/or Groups that can view, update or delete a Document, or more granularly individual fields within that Document. In addition, apstrata provides a "gate" ACL system per Store, allowing a developer to decide the Users and/or Groups that are permitted globally to create, read, update or delete documents on that Store.
A developer can create any number of Stores (limited only by his apstrata account type) to persist different types of data from his application, this would be dictated by security, scalability or application partitioning reasons. As an example the developer might create a Store called PO for his purchase orders repository and another one called Catalog for his inventory description and images.
Upon creation, apstrata accounts are configured with a store named "DefaultStore". An account owner can delete this store and create others if needed.
As described above, ACL settings on each store specify who can invoke each of the SaveDocument, DeleteDocument, GetFile, and Query services in general. For more specific details about Store configuration parameters, please check the SaveConfiguration API.