Permissioned Data Flows allow you to define controls on every input and output within Internal (including filters). You can define roles and permission sets per each role through the Company Settings.
You'll see the existing roles in Internal and an "Add Role" button to create new roles.
The Admin role is created by default. Admin users have access to everything, including Company Settings.
You can click on an existing role to view the permission set for that role, and make edits.
Click "Add Role" or click on an existing role name and hit "Edit".
Add/edit your role name. You can use the checkbox to determine if those role should be able to edit Spaces and access environments (if you have multiple environments set up).
For each function, you can use the checkbox to determine if this role should have access. If they do not have access, they won't be able to use or view certain Space components that are tied to those functions. For example, if you have a table component with a function to "list user records" and a role does not have permission to access the "list user records" function, that role won't be able to view the table. Similarly, a button that's tied to a function to "update company records" will be unusable for roles that do not have permission to access the "update company records" function.
Without access, a role cannot utilize those functions within a Space.
For more granular permissions, you can expand each function to set access at the parameter level.