Create multiple roles with the access rights that you wish to grant to your users.
To Create a New Role Navigate to 'Administration' > 'User Manager' > 'Roles'.
Press the 'New Role' button on the Main Toolbar.
Provide a unique 'Name' for the Role you are setting up.
When creating a new role, the 'Permissions Policy' is set to 'Deny All by default' as the default setting. This means that all permissions are denied and you can then select individual permissions to allow. Otherwise you may set it to 'Allow all by default' and then select individual permissions to deny. 'Read only by default' allows users to read/see everything but cannot edit or manipulate any data.
If this is an Administrator Role, then set the 'Is Administrative' checkbox to True. Administrators will automatically have access to all Modules and have the ability to edit the Application Model.
If Users linked to this role need to access the 'Application Model Editor', then set the 'Can Edit Model' checkbox to true.
Move on to granting 'Type Permissions', 'Navigation Permissions' and 'Denied Actions'.