I find the Profile and Role management extremely confusing. I prefer to use just the "Share" page under "Application Settings" and manage rights by user. Unfortunately, it looks like the Profile and Role settings are overwriting what is stated in the "Share" page. For instance, I set up a specific user so he can see just one specific report. The "Share" page is set up correctly, but because of the fact that his Profile is "user" and his Role is "Employee", he can still see other sections and forms. How can I simply manage the user at the user level?
I wish there were a simple matrix with the list of all forms/reports on the rows and the list of all Roles on the columns, so I can check what each role can see/do (not see, see record only, edit record, modify object).