Better controls for Staff permissions

At the moment all kind of permissions still have full access to the home page which contains recent activity with new leads, names of patients.
Also from home page they don’t have access to other things like Leads, Finance but if they have access to “Practise” then form there they get access to other these pages that should be not accessible.

This needs to be done as it does not comply with GDPR and CQC regulations