Setup > Security > Sharing Settings
You should limit permissions by default and then open up granularly. Therefore, by default Account, Case and Opportunities should be set to private and opened up where necessary.
Set Account, Case and Opportunities should to private
Enable this if you have external authenticated users or chatter users.
Button at top of page for Enable External Sharing Model. This will enable external access to default the same as internal access. It can be more restrictive but not greater access.
This allows lateral sharing eg people in different roles but at the same level.
and then you can set access to:
To enable this:
Setup > Security > Login Access Policies - Administrators Can Login in as Any User - check box and save.