Security settings for users is a combination of the user's role and their permissions. The role is set at user creation, but the permissions are not necessarily set at that time. In other words, if a user is created, but set to unlicensed until the admin is ready to grant them access, they would be able to access nothing.
This procedure first removes the automatic rights of all users to access all objects, then selectively adds roles and permissions back in via Groups:
Create a Group for new users. For instance, a Sales group for all salespeople.
Click Groups on the left panel, + New Group, name it, click Create.
Add users to this new group by clicking on the group name, then + Add Users, select users and click Add Users.
Click Explore on the left panel.
Click Top-Level Projects on the main pane→ Select All → Actions → Permissions.
Click … (three dots) by All Users → Edit, and change to None the dropdown for Project, Workbooks, Data Sources, and Data Roles.
Click Edit Content Permissions on the top right, select Locked to the project, click Save.
Uncheck all projects, (assuming there’s already a project for Sales)
Click … on the right of the Sales project → Permissions → + Add a user or group role → select Sales → select Project = Publisher, Workbooks = Editor, Data Sources = Connector, Data Roles = Interactor
Click Save. Now anything that is saved under the Sales project will be accessible by users in the Sales Group.
Select all other projects that each user or group should not have access to.
Unintentional Access to Projects: User with greater rights might accidentally save workbooks or data sources in those folder exposing private data to the wrong people. We highly recommend selecting the projects that the user or group should not have access to.