Enabling Access to Subsites, Restricting Access to Mainsite

I'm running a multisite installation for people interested in starting ecommerce sites -- I don't understand how to give users access to the sites they create without giving them access to the main site.

I really don't like the idea of them having the capability to browse the backend of the main site.

I'm using User Role Editor if that relates to a possible solution.