When a team is created in Microsoft Teams, a Microsoft 365 Group and a SharePoint site are created along with it. This should be your premise when “setting up SharePoint”.
Azure Active Directory is all that is needed to manage permissions. The Microsoft 365 Group (and its underlying Azure Active Directory) determines membership and permissions to resources. That is, a member of a team in MS Teams, along with all other members of that team, has access to the same specific resources, such as the files and folders within that team’s SharePoint document library.
The exception is a Private Channel within MS Teams (which can only be designated as private during the initial setup of the channel), whose members are a subset of the parent team. Only those members of the Private Channel have access to the resources found under that channel; other members of the same team do not, unless they are also members of that Private Channel.
Another aspect to consider is an organization-wide team in MS Teams. Its membership is dynamic: all licensed users automatically become members, and unlicensed users are removed from the team’s membership. This dynamic Microsoft 365 Group is managed by Azure Active Directory, and it has its own SharePoint site and document library. Each channel in MS Teams becomes a sub-folder of the parent team’s folder or document library. Every team in MS Teams has a General channel by default, so the org-wide team has one as well. Every channel also has a Files tab (tabs run across the top), so the org-wide team’s Files tab (perhaps in its General channel) would hold all the files and folders that the organization wants every user to be able to access.
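
To review who actually holds access under this model, the following read-only audit lists each team's group membership, flags dynamic groups, and checks that every Private Channel's members are a subset of the parent team. It is an added example, not part of the original page; it assumes the Microsoft Graph PowerShell SDK is installed and the signed-in account can consent to the read-only scopes shown, and the report column names are chosen here for illustration.

```powershell
# Added example: read-only audit of team and Private Channel membership.
# Assumes the Microsoft.Graph PowerShell SDK is installed.
Connect-MgGraph -Scopes 'Group.Read.All','Channel.ReadBasic.All','ChannelMember.Read.All'

# Every team is a Microsoft 365 Group whose resourceProvisioningOptions contains 'Team'.
$teams = Get-MgGroup -All -Filter "resourceProvisioningOptions/Any(x:x eq 'Team')" `
    -Property Id,DisplayName,GroupTypes,MembershipRule

$report = foreach ($team in $teams) {
    # Group members are the users who can reach the team's document library.
    $teamMemberIds = @(Get-MgGroupMember -GroupId $team.Id -All | ForEach-Object Id)

    [pscustomobject]@{
        Team      = $team.DisplayName
        Scope     = 'Team'
        Members   = $teamMemberIds.Count
        # Dynamic groups carry 'DynamicMembership' in GroupTypes.
        Dynamic   = $team.GroupTypes -contains 'DynamicMembership'
        NotInTeam = 0
    }

    # Private Channels restrict access to a subset of the parent team.
    $private = Get-MgTeamChannel -TeamId $team.Id -Filter "membershipType eq 'private'"
    foreach ($channel in $private) {
        $channelMembers = Get-MgTeamChannelMember -TeamId $team.Id -ChannelId $channel.Id -All
        # Channel members are conversationMember objects; userId is in AdditionalProperties.
        $channelIds = @($channelMembers | ForEach-Object { $_.AdditionalProperties['userId'] })
        # Anyone listed on the channel but missing from the team breaks the subset rule.
        $strays = @($channelIds | Where-Object { $_ -and $_ -notin $teamMemberIds })

        [pscustomobject]@{
            Team      = $team.DisplayName
            Scope     = "Private channel: $($channel.DisplayName)"
            Members   = $channelIds.Count
            Dynamic   = $false
            NotInTeam = $strays.Count
        }
    }
}

$report | Sort-Object Team, Scope | Format-Table -AutoSize
```

A non-zero `NotInTeam` value, or a `Team` row with far more members than expected, is the line to investigate first.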