What are the security roles/levels for architecture?

Given a sample system architecture for a company, where different types of users access the company’s Web App and databases over the public internet, what are the security roles/levels of the systems in this architecture in relation to Information Security and IAM ?

Is it correct to assume these security roles/levels include system level, transmission level, application level, and even ‘people’, etc. ?