Yes, I know this step can be a little confusing, just let me explain how to proceed.
First identify roles in your team, and decide of a permission for each role.
In the context of a restaurant, the hierarchy could be as such :
Chef de partie
Demi-chef de partie
In the context of a food retail business, the hierarchy could be as such :
Food safety controler
In the context of a multi-site restaurant, in terms of food safety, the hierarchy could be as such :
Food safety manager
Corporate Executive chef
Single-site Executive chef
Therefore you will need to decide who can view, edit, delete or create records for every module.
Like that :