Assign specific access rights to each account.
For each account, indicate which feature or app is available. That way, you model the application as wanted. When a feature is not accessible, it disappears from the interface.
For each account and each type of data, indicate the accessible perimeter: All the information? Group information? All except those of a group? Only the account information? Modification prohibited mode? Deletion prohibited mode?
Visit the Authorizations Store and install the apps for the actions you want to authorize or prohibit.
Each action can be activated or deactivated for every colleague.
Is your stock managed by a subcontractor? Give the subcontractor access to stock management only in a specific warehouse. Is your sale staff outsourced? Give them access only to their customer base.