For a good overview of permissions and the security model, see "Who Sees What" https://www.youtube.com/playlist?feature=iv&list=PL6747B4DAE356E17C&src_vid=j95gONjVNFU&annotation_id=annotation_3209566513
Basically, permissions are the fields that a user can see and the things they can do in Salesforce (e.g. Export Reports); these are controlled by Profiles and Permission Sets. Sharing Rules and Roles control which records users can see. Think of sharing rules as slicing your data horizontally (which rows in a spreadsheet) and permissions as dicing your data vertically (which columns in your spreadsheet).
You start off with an Admin user only... you need to get your whole permissions structure set up.
Steps:
https://help.salesforce.com/HTViewHelpDoc?id=admin_fls.htm
See the Salesforce Help on Permission Sets for what can be done in Permission Sets and what can be done in Profiles.
Roles control which records users have access to. E.g. West sales reps should not see East sales reps' leads, but the Manager should see all of them, etc.
E.g. ensure that the Managers of sales reps can Read and Edit the Leads, Accounts, Contacts, Opportunities and Cases of their Subordinates.
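The rows-versus-columns split and the West/East example above, as a simplified Python model added here for illustration (it is not Salesforce code or an API). It assumes records are private by default, so a record is visible only to its owner and to roles above the owner; all role, profile, user and field names are constructed.

```python
# Simplified model (not Salesforce code): roles pick rows, profiles pick columns.
# All role, profile, user and field names below are constructed sample data.

ROLE_PARENT = {"Sales Manager": None, "West Rep": "Sales Manager", "East Rep": "Sales Manager"}

# Field-level read access per profile (the "columns").
PROFILE_FIELDS = {
    "Rep Profile": {"Name", "Company"},
    "Manager Profile": {"Name", "Company", "AnnualRevenue"},
}

USERS = {
    "wendy": {"role": "West Rep", "profile": "Rep Profile"},
    "ed": {"role": "East Rep", "profile": "Rep Profile"},
    "mona": {"role": "Sales Manager", "profile": "Manager Profile"},
}

LEADS = [
    {"Owner": "wendy", "Name": "Lead W1", "Company": "Acme West", "AnnualRevenue": 500000},
    {"Owner": "ed", "Name": "Lead E1", "Company": "Acme East", "AnnualRevenue": 750000},
]


def is_above(role, other):
    """True if `role` is an ancestor of `other` in the role hierarchy."""
    parent = ROLE_PARENT[other]
    while parent is not None:
        if parent == role:
            return True
        parent = ROLE_PARENT[parent]
    return False


def visible_leads(username):
    """Return the leads a user sees: rows filtered by role, columns by profile."""
    user = USERS[username]
    fields = PROFILE_FIELDS[user["profile"]]
    result = []
    for lead in LEADS:
        owner_role = USERS[lead["Owner"]]["role"]
        # Row check: own record, or owner sits below this user in the hierarchy.
        if lead["Owner"] == username or is_above(user["role"], owner_role):
            # Column check: keep only fields the profile can read.
            result.append({f: v for f, v in lead.items() if f in fields})
    return result


if __name__ == "__main__":
    for name in USERS:
        print(name, visible_leads(name))
```

Running the same check for every user before go-live is a quick way to confirm that no rep profile exposes a field, and no role exposes a row, that it should not.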
See https://help.salesforce.com/HTViewSolution?id=000001139 for security for each edition of Salesforce.