Today I was working on an intranet site using Open Atrium. Our client wanted to post their employee handbook on the intranet using the atrium notebook module. The problem is that, by default, all authenticated users are able to post a handbook item. Obviously, this wouldn't work with an employee being able to modify the employee handbook online.
First, I went to the 'admin/user/permissions' page and disallowed the 'create new books' and 'add content to books' permissions for my newly created 'Employee' role. Upon testing an employee user, they were still able to add book content.