In the Administration section, click Permissions. Choose some Resource in the menu and click Show.
Now you can assign or remove global permissions to roles in the permission matrix. The permissions become effective immediately.