At a high-level, you should determine the minimal permissions your users, your app, and any third parties require for your wallets. Then, configure each wallet with appropriate owners and additional signers to reflect your desired permissions.

Permissions

Owners and signers differ in the permissions over wallets as outlined below.
OwnersSigners
Sign messages
Send transactions
Update policies
Update owners
Update signers
Export wallet
Can be configured with policies
View common use cases around configuring owners and signers for wallets in the following guides.

Self-custodial user wallets

Create self-custodial user wallets and enable offline actions, server-side transactions, and more.

Managed wallets

Create managed wallets with custom approval configurations and give scoped controls to third-parties.