At the individual app level, Workspace Users will be assigned a Role which determines their level of access to that app in particular i.e. how they can interact with the data it contains and whether they can reconfigure that app's layout. Roles are also relevant for those who should not have access to the workspace but just a specific app e.g. a customer - read on for more information.
An Admin has the ability to edit the app's configuration i.e. edit the layout of list and detail pages. They can also see and edit all data - all pages and all records contained within.
A User does not have the ability to edit the app's configuration and can see whatever pages have been set to be accessible to users - see Setting up Permissions for more information.
You can also choose to set up other Role types that are defined by you*. This allows you to create different experiences for different people in your team - for example you might create a Sales Role which can only see and edit the sales information on records that are linked to them or a Manager Role which can see all records and fields. To find out how to set up these Custom Roles, see Configuring User Roles. *This is only available as part of Pro and Enterprise plans.
For more information on assigning Workspace Users these Roles for each app, see the linked article below:
In Stacker there is also another method to grant users access to specific apps in your workspace - Customer Access.
This differs to the access that Workspace Users have as it permits a single app experience only - i.e. the user logs in at an app-specific URL and sees only the content of that app, they do not see the app bar or other apps contained within the Workspace.
For more information on this and a step-by-step guide to set it up, see the linked article below: