Users are assigned to permissionsgroup.PermissionGroupID. In permissionsgroup we have fields access_permissiongroups and access_usergroups. User is allowed to see ONLY data belong to users assigned to groups or permissiongroups in access_ fields.
For example, manager1 assigned to permissionsgroup that access_usergroups allows manage users from groups X and Y.
manager1 will be allowed to see sales, reports, statistics etc only of users assigned to groups X and Y. users assigned to other groups will not be visible.