You can give some users access to certain users and/or projects, plus specify what exactly they can do. This work on a per user basis, meaning each user can have a different set of permissions.
For example, you can say that PersonA can manage all users, but that they have view-only access to everyone’s time entries.
Or, you can say that PersonB can manage all projects that belong to a certain client/department, plus add/edit time on those projects.
Step 1: On the Team page, you can see who has the manager role and grant it right there.
Step 2: When you open the permissions for that user, you can specify what that person can do.