Yes, I know this step can be a little confusing, just let me explain how to proceed.
First identify roles in your team, and decide of a permission for each role. 

In the context of a restaurant, the hierarchy could be as such :

Head chef
Sous chef
Chef de partie
Demi-chef de partie
Commis

In the context of a food retail business, the hierarchy could be as such :

Manager
Food safety controler
Operator

In the context of a multi-site restaurant, in terms of food safety, the hierarchy could be as such :

Food safety manager
Controller
Corporate Executive chef
Single-site Executive chef
First sous-chef
Sous chef

Therefore you will need to decide who can view, edit, delete or create records for every module.  

Like that : 

Did this answer your question?