All the methods of the API require an authenticated user, and will access the resources on behalf of that user.
While a permission can be the ownership or read or write, generally a user can have permissions to the following resources:
Calendars: His personal calendars, calendars of the groups that he belongs (for example, space calendar), and calendars that are shared to him and his groups.
Events/Tasks: When the user has access to a calendar, he has access to its events and tasks. He also has access to an event or task if he is a participant or delegatee.
Occurrences: When the user has access to a (recurring) event, he can read its occurrences. The API does not support the way to edit individual occurrences.
Invitations: When the user has access to an event, he has access to its invitations.
Attachments: When the user has access to an event or task, he has access to its attachments.
Categories: Any user has write access to his personal categories and read access to common categories.
Feeds: Feeds are always personal, so any user has access only to the feeds created by him.