This screenshot shows a list of permissions for a role called Course Administrator
You may define whichever roles you think you will need, and each role can be given its own permissions
Permissions are granted for each type of record, and you can choose any combination of View, Add, Edit, and Remove for each record type
Each user can be given more than one role, so their overall permissions are based on all their roles combined
If a user does not have permission to see a record type then links to that record type will not show on their screen, and any attempt to see it will be blocked
