By default project team members and their permissions defines the access level for all iModels in the same asset/project context. You can read how to set up global iModel permissions on the main page here.
If you need a more granular level for authorization, you can use the individual iModel permission level. An administrator can assign an RBAC role to be more or less powerful for specific iModel versus the full asset/project scope. As a result, you can control individual iModel access.
Follow these steps to set iModel permissions:
The complete configuration is essential because asset/project level permissions will be ignored when iModel has restricted access. For example, if you want to forbid user access to the iModel, set access only for the roles the user does not have.
This matrix shows how asset/project context and iModel permissions are combined to resolve user permissions: