You can find the list creating a new rules.

With this rule we are making visible to users buttons and functions: for example in my script AuditAmind can't see the button "Modify" or "new sheet" because "sheet" is not visible to him. The same is with "dimension" or "measure": if you exclude them the user can't create new dimension or measure because the button "create new dimension" is invisible to him, but he can use what exists already.

I used CreateAppObjectsPublishedApp and CreateApp security rule  and user.role to create 4 user levels:

1. contentadmin  can only navigate

2. auditadmin can use storytelling

3. deploymentadmin can modify apps

4. rootadmin can create app

CreateAppObjectsPublishedApp:

( !resource.App.stream.Empty() and
resource.App.HasPrivilege("read") and
(!user.IsAnonymous() or
user.roles="ContentAdmin") and
( resource.objectType = "userstate" or
resource.objectType = "bookmark" or
resource.objectType = "hiddenbookmark"))
or
( !resource.App.stream.Empty() and
resource.App.HasPrivilege("read") and
user.roles="AuditAdmin" and
( resource.objectType = "story" or
resource.objectType = "snapshot" or
resource.objectType = "embeddedsnapshot"))
or
( !resource.App.stream.Empty() and
resource.App.HasPrivilege("read") and
(user.roles="DeploymentAdmin" or user.roles="RootAdmin" ) and
( resource.objectType = "story" or
resource.objectType = "snapshot" or
resource.objectType = "embeddedsnapshot" or
resource.objectType = "dimension" or
resource.objectType = "measure" or
resource.objectType = "masterobject" or
resource.objectType = "sheet"))

The only way I can think to make measure and dimension visible, but fields invisible to one user is the parameter HidePrefix in the script. Every field that starts with the character set will be invisible to everyone, in filter or functions, but you can use it.  I use it to hide tables link key, but also with normal field that I want to hide.

I don't know what LoadModel, AppProps, app_appscript, genericvariableentry means.