In NAV/Business Central to set up user right and permission you can allow everything - assign user permission SUPER or allow access to specific objects. It is not possible to allow everything and block something for user.
In standard NAV/ Business Central version there are predefined Permission Sets to special objects. Administrator can assign permission for user.
Anyway every consultant faced with task to set up new Permission sets. In previous NAV version to set up user roles with user permissions is was painful task.
As very experienced consultant you should know all application area and object numbers to assign correct object numbers and don't miss anything.
In Business Central it is not able to modify standard Permission sets. It is possible to copy existing permission set or create new one.
And the best news!
It is possible to record User-Defined permission set
Click Start and go to do user actions.
After user actions click Stop
and system will write all objects were executed.
If you use previous NAV version, you can check if Code Coverage is available for your version, if yes - you can used this tool to record list of objects during user operations and create user permission set based on this list of objects.
Please notice in this case you need to add info about permission level - Read, Insert, Modify, Delete.