The idea is to have basic permissions on users to let them (or not let them) access specific sections of the application: invoices, estimates, credit notes, clients, products, email logs.