Sometimes you need to restrict access within Salesforce for certain users or roles.  Unfortunately if you are using the default sharing settings, this is not possible as sharing roles can only grant access, not restrict.

The best solution is to do the following:

1. Create a public group that includes all roles except for the one(s) with restricted access.
   Role Hierarchy:
   
   New Public Group:
   
2. Create sharing rules that mirror the existing Organization Wide Defaults:
   Current defaults:
   
   New rules:
   
   The first rule gives Everyone (Excluding Consultants) the Read/Write access to the Sales Consultants’ accounts and opportunities.  The Management and Administrative roles will have read/write/transfer access through role hierarchy.
   The second rule recreates the existing org wide default sharing rules, but only for the Everyone (Excluding Consultants) group.
3. Change the org wide defaults for account and opportunity to private (make sure to do this step last).
   
4. Repeat for other objects as needed (process may vary slightly).  If you understand role hierarchy this should be pretty straightforward.

When you add new roles to your organization, make sure to add them to your public group, or they will only be able to view their own accounts!

I created an anlaytic snapshot for opportunites in my org, just to learn the process.  I got asked for some data recently that coincided with my snapshot and I thought that was pretty cool.  Setting up a snapshot is not too difficult but there are a few sticking points.

First, follow the official blog guidelines here.

A few notes on snapshots:

1) Pay close attention to lookup relationships- follow the blog.  I tried this on my own and got confused and then annoyed, and then found the blog.

2) Limit of 2000 records.

3) The snapshot mechanism cannot copy records owned by inactive users.  This means if a sales rep is no longer with the company that person’s pipeline should be transfered to an active user before the snapshot is triggered.  For this reason, I recommend the snapshot report include the following filters: a) open opportunities only and b) active users only.