Security is an important concern while developing a new application. Who can access various parts of the business should be a part of your implementation strategy.
You can set up the access rights by using existing groups/role linked on the access control list or you can create a new group.
Go to the Odoo Academy application, enter studio mode, click on the Access Control Lists tab, and you will get the list of access controls defined for that model:
Click on the CREATE button and enter the details. Enter a self-explanatory name, choose a group if this rule is applied to specific groups of users else keep empty, and choose what access rights are available to them.
You can assign a correct group on the user form later, to apply the correct access control: