Judging from the permissions in CRM it doesn't seem to allow you to distinguish what a user can see when it comes to a particular account.
You can set the security on a number of fields for all accounts they have access to but we are trying to get it to work so they can only see a number of fields or entities on a particular account and so forth.
Is this even possible with CRM outside the base package scope?
The security role determines the privileges that a user has (e.g. create, read, update...) and the extent to which the user can exercise the privilege (own records, records owned by anyone in the same business unit as the user, etc).
You can apply field level security to custom fields but not out of the box (system) fields.
Can you post a more general high level description of how you would like security to work? Do you want everyone to see all accounts but some people only some or some other variation?