I'm working on a plugin that will be used by only a small number of employees. They should not see any other aspects of company operation on the admin side, but there appears to be no way to shut them out of everything. I added a test user to find out what they would see, and enabled nothing but a single one of the admin tools (just so something would show up). This test user can see the entire admin dashboard with customer names, phone numbers and email addresses, company statistics, and a lot of things I don't want them to see. I think this could be a security concern for many companies.

The only menu items available to them were Modules, Customers, Locations / Taxes, Localization, Reports, Tools, and Discounts, and there was only a limited number of choices under each of those menus. But I do not want these employees to see anything other than the single plugin that they will be using. Is there some reasonably uncomplicated way to do that, so that when a person with a certain profile logs in, the screen goes directly to the code they need to see and use?