You can find out what permissions a certain property/method requires by checking

1. You can find out what permissions a certain property/method requires by checking the API dump. This contains the definitions of all methods and properties in Roblox, including their permissions.
2.  
3. An undefined identity is any number not listed in the table, so you could make your exploit have an identity of 9, or of 999, but it would still have the same permissions as identity 2. An interesting thing you can notice in the table is that identities 1 and 5 are the same, as well as 0 and 2, and 6 and 7. Several of these identities seem to be unused in the current Roblox version. WHY ROBLOX?
4.  
5. LocalScripts run with an identity of 2, or 3 if the current place is a Roblox place. CoreScripts run with an identity of 4.
6.  
7. If a script tries to access a property or method which is doesn't have permissions to access, the script will error, and print a generic error message into the Roblox dev console.
8. For example, in the API dump: Property int Instance.DataCost [readonly] [RobloxPlaceSecurity]
9. The property Instance.DataCost requires the permission RobloxPlaceSecurity, therefore LocalScripts cannot access this property. We can look at the table above and see that identity 2 does not have the RobloxPlaceSecurity permission. So, if a LocalScript tries to access .DataCost, it will error. HOWEVER, remember if the LocalScript is running at a Roblox place it has an identity of 3, which does have the RobloxPlaceSecurity permission. At a Roblox place, it would be able to access .DataCost without error.
10.  
11. We can see that script identities are just a way of limiting what features of Roblox Lua scripts have access to. This is useful for methods such as "Players:BlockUser". This should not be usable from normal Scripts or LocalScripts. If it were, a game could use it to force a user to block another user by calling it from a Script. You can read the API dump and find many other methods like this which could be easily abused if they weren't restricted.
12.  
13. So, when should an exploit be classified as a "level x"? (x is just a placeholder for any identity) At least to me, calling an exploit a "level x" implies full or near-full Roblox Lua script execution. This means it has access to all or nearly all of the features it would have access to if it were a normal Roblox Lua script running with identity x. To clarify the "nearly all" case, Seven actually had near-full execution for quite a while, it couldn't call require(). If your exploit is missing major Roblox Lua features, such as events, I don't think it should be called a "level x". Instead, I think it should be called a "Limited Lua exploit" or something similar. It should also be noted that the term "level" is a bit of a misnomer, because a higher level doesn't imply more permissions.