It is possible to limit actions which users belonging to specific user groups can do on component backend and frontend. Information about how ACL works and implemented in Joomla! is here. To configure default ACL rules, click by "Options" button in toolbar and a popup with user groups and actions appears:
Only super administrators and users who belong to user group which grant to configure the extension can modify ACL rules. Some ACL rules can be overriden in category and publication settings.