The basic thing is to protect the data with both user identification and roles. With users you give a person or a group an access to a database, see:
http://msdn.microsoft.com/en-us/library/ms173463.aspx[
^].
When the user has an access to the database you use roles to handle the privileges, what can be seen or done, see:
http://msdn.microsoft.com/en-us/library/ms187936.aspx[
^].
When you have secured the data with both of these mechanisms, a user cannot see the data he/she doesn't have the privilege to see, no matter what the tool is.