Magento uses roles and permissions to create different levels of access to the Admin.
When your store is first set up, you receive a set of login credentials for the Administrator role,
with full permissions. However, you can restrict the level of permissions on a “need to know”
basis for other people who work on your site. For example, a designer can be given access to only
the Design tools, but not to areas with customer and order information.
In addition, you can further restrict Admin access to only a specific site, or set of sites and their associated data. If you have multiple brands or business units with separate stores on the same Magento installation, you can provide Admin access to each of your business units but hide and protect their data from other Admin users. If an Admin user’s access is restricted to a specific set of websites and/or stores, the websites and stores for which they are not authorized will either not appear or be grayed-out as inactive. Only the sales and other data for allowed websites and stores is shown.
Permission levels can also be set for specific variables and blocks