In the role setup, there will not be any permission to a record ie. create/view/edit/full access will not be provided. But we can essentially utilize the EXECUTE AS ADMIN in the server-side script deployment and set it to Administrator it runs the script with all privileges of Admin.
For eg: If a particular role has no “Perform Search” ( related to Global search permission) and “Find Transaction” permission for them if the script runs with EXECUTE AS ADMIN = current role, in the script it block them at the access the N/Search module functions.
Also if the role has no “Invoice” permission technically they cannot access, create, edit or delete invoices. But if the script has EXECUTE AS ADMIN = Administrator, they run the invoice creation/delete logic without any hindrance.
Client Script which runs in the UI will not have this EXECUTE AS ADMIN setup in the Deployment page. So to get different record details etc. we have to use a backend Suitelet for doing this.