We definitely need a way to control access to different stores on a per-user basis. One specific instance where this greatly affects us in in regards to our test/development store, where we create and manipulate orders for testing purposes. We have seen instances where duplicate orders have been created: one order was in the live store where another version of it was in our test environment store, and customer service most likely created a return label (or performed some other normal expected operation) causing the duplicate to be created. It was not their fault: they performed their normal duties. This would have been avoided if customer service did not have access to the test store in the first place.