In some cases you'll need complex permission rulesets. If different user roles should have access to different data, you will need to create a different rule for every user role. If users should have different levels of access to records depending on the content of the records, then you will need to create a different rule for each access level, with record filters set accordingly.
- You can have a different rule for different User Roles
- You can apply multiple rules to one User Role.
If you edit a rule so the user can't perform a particular action, double-check that you don't have any other rules giving them access. Think of permissions as granting access rather than restricting access.