Out of the box, you can set many levels of permissions (using advanced permissions), with limiting access to various parts of the site.
However, there are plenty of useful addons if you want it to be more "robust". Depends on what you're looking for as far as features go.
You can attach permissions individual to users or to user groups. So this is great to have a section of a website only accessible to those that log in that are part of that group (e.g. 'Staff').
You can even do things like set up expiring access to content, or do things like automatically remove users from a use group after an amount of time.
In short, concrete5 has included a whole bunch of permissions features that can be used to create an 'intranet' style of site.