0 Replies Latest reply on Nov 21, 2008 6:09 PM by ajanz

    security question on wiki example

    ajanz
      In the wiki example the following hasPermission tag is used:

      rendered="#{s:hasPermission('Node', 'create', currentDirectory)}"

      currentDirectory is passed as a parameter.

      the corresponding rule is

      rule RestrictNodeCreateAccess
          no-loop;
          activation-group "permissions"
      when
          c: PermissionCheck(name == "Node", action == "create");
          Directory(dirWriteAcccessLevel : writeAccessLevel, dirCreator : createdBy)

          Role(userAccessLevel : accessLevel -> (userAccessLevel.intValue() >= dirWriteAcccessLevel.intValue()) )
          or
          User(authenticatedUserId : id -> (dirCreator.getId().equals(authenticatedUserId)) )
      then
          c.grant();
          modify(c);
      end;


      Directory is a parameter. But where do the objects Role and User come from?