BQE CORE provides extensive security permissions for all features, screens, and reports. This allows you to specify who sees what in the application. You can give anyone permission to access all or selective areas of various screens using the Settings > Access & Permissions > Security Permissions screen. Check CORE Help Center for details.
As an example, if you want a Full Access or any other user to be restricted from editing the time entries of others, you must check the security permission Limit editing to self only under the Time Entry drop-down in Security Profile for that user.
Do note that you cannot restrict access to users per invoice. However, you can customize their security permissions and limit their access to the invoices of the projects they manage by un-checking the security Allow access to data of all employees under Invoices in the Security Permissions > Edit Profile screen. You can also restrict them to only bill the projects they manage by un-checking the security option Allow billing of other manager's projects under the Billing screen. Check CORE Help for details on customizing security permissions.