For most objects you can use default Django permission model (Django doesn't have object-level permissions)

Personal Named Credentials

Personal Named Credentials are by definition personal, so strict checking on ony operation is implemented in Admin interface.
Only the owner can add/view/delete Personal Named Credentials.

Admin can see the fact that a user has a Personal Named Credentials object referring a Named Credentials

Folders & Connections

Folders and Connections when used over REST API implement folders permissions.

Permissions can be granted on Folder level (implemented using Folder Permission object)
Permissions can be granted to user groups or individual folder.

Permissions granted on a folder give access to this folder and all subfolders.

API endpoints

Endpoints which implement folder permission logic:

folders - flat list of of folders available to current user
folders/tree - hierarchical list of folders available to current user
connections - flat list of folders and connections and folders required to view connections connections/tree - hierarchical list of connections in folders

Folders Ancestors

API result include not only folders which available to current user, but also all ancestors from root folder. Connections and subfolders from other folders will not be included.

Example folder structure:

Root foler
  ┝ Customer A
  ┝ Customer B
  ┕ Customer C
    ┝ Servers
    ┝ Network
    ┕ Printers

If access is given only to Printers folder, the result will be

Root foler
  ┕ Customer C
    ┕ Printers