One of the first steps when designing a new Salesforce CRM implementation is to set up data access using the sharing model engine. This specifies who can see what!
To understand how this works, have a look at the following diagram:
Profiles determine Object-Level Security (OLS) and Field-Level Security (FLS). They control which objects a user is allowed to access (right or write capabilities) and which fields are visible and editable. You can create a fine-grained view of what's available for a specific object type.