Hi Mark,
The first point is to be familiar with Netweaver security concept (UME) and UME sourcing of users, either local, ldap, ABAP etc. and then authentication of users because your users can come from a portal, use Kerberos etc. I'll assume you are familiar with that.
The next thing would be to familiarise yourself with MII security concepts, there, pretty much irrelevant of your MII version you should use the SAP MII 12.2 Secuirity Guide
This should give you a good overview and understanding of Security within MII,
Cheers,
Arnaud