Hi Caroline,
Each entity can be used in a variety of ways - as I think I've suggested to you previously.
Security permissions is not particularly well explained by Microsoft.
There are some basic security settings each user needs to be allocated personally and then additional privileges can be given to them as a member of a team. Many of these sit on the Core records , Business Management and Customization tabs. Unless it's an entity you know the user does not need access to, or functionality you know you don't want to give them, don't just remove security permissions from these tabs.
Suggest you start by looking at the OOTB security role for a Customer Service Representative (or Salesperson if that is more what the person is).
You may like to copy this role and create a new one that you can adjust / play with (Settings>Security>Security Roles>Select the role, Actions, Copy Role).
Normally I'd remove all security permissions to delete any records (especially for a standard user).
All Activities security is managed under the Activities line on the Core Records Tab.
If you're not using e.g. Sales you can normally clear the Sales tab (set everything to empty Harvey-balls). You may also not need Opportunities or Leads on the Core Records tab.
If you're not using e.g. Marketing you can normally clear the Marketing tab (set everything to empty Harvey-balls).
If you're not using e.g. Service / Service Scheduling you can normally clear the Service tab (set everything to empty Harvey-balls).
You may want to give them access (on the Custom tab) to some/all of the custom entities that you have created. Normally they will only need Read, Append To & Append for any Lookup-style entities you have added.
Normally I don't play around with Business Management or Customization - unless there is a specific function the role needs / or doesn't need e.g. you're not using Goals.
For a 'go live' I'd normally restrict who can bulk edit and merge (it's really useful functionality but people can do a lot of damage, with bulk edit in particular). If record security is an issue you may need to restrict the ability for people to Export to Excel
Then just remove privileges for any entities they specifically don't need access to. If you go too far and break something then you can always add the security permission back in.
