Roles and Permissions
Within the 'Settings' options you have the 'Roles and Permissions' screen which allows you to create different roles and then assign what that role can do within each app. For example, if a user (or team of users) should only be able to work with a specific app you can create a role, assign that user or team to the role and then give that role access to that app only. Within each app you can decide whether a specific role can access or approve transactions, and whether they can read, write, amend or delete data for transactions within that app.
In the example below, the role 'TESTER' has full access to the app 'Supplier Amendment Demo' but no access to 'Supplier Amendment'.
Within the app design you can also set whether fields are visible or read-only for each step of the process. So if an apps data should be editable at some stages, but read-only at the final approval for example, you would build that into the design of the app so that regardless of the users roles they couldn't edit a read-only field at the final approval stage.