The security model allows an administrator to setup one or more security groups and assign users to those security groups. Records (for example: contracts, documents etc) are also assigned to one or more security group. Users are then only able to work with records in their assigned group. You are able to control whether a particular user is able to view only or edit records in their groups.
Click here for more details on how to manage Security