From security preferences pane we see below info:
What is restricted internally for each of these?
Files and Folders access: Allow the apps below to access files and folders.
Full Disk access: Allow the apps below to access data like Mail, Messages, Safari, Home, Time Machine backups and certain administrative settings for all users on this Mac.
Best Answer
Full Disk Access feature is much like a security check at an airport. When you grant “Full Disk Access” to an app it is added to the whitelist of applications that are now marked as safe to work with your data. At the same time, all other applications will be greeted with “You Shall Not Pass.” The protected areas that require Full Disk Access permission are your Mail, Messages, Safari, Home, Time Machine.
According to Apple: “So if your app attempts to access any data that is part of one of the protected categories the system will automatically terminate it.” And by “terminate” Apple really means a forced crash.
In the other hand regarding Files and Folders,
In macOS 10.15 Catalina, Apple has further extended the number and range of User prompt that can be generated when code attempts to access certain locations and functions.
In order to prevent attackers enabling FileVault with a secret key via fdesetup, a possible avenue for a ransomware attack, Apple has introduced a new prompt that requires user approval before FileVault can be used to encrypt the drive programmatically.
Programmatic access to user’s Desktop and Documents folders will now also require user approval, as will access to the Downloads folder, iCloud, mounted volumes and cloud storage folders like Dropbox, OneDrive and similar. As on Mojave, the list of approved apps can be viewed and managed in the System Preferences Privacy pane.
The prompt takes the form of a message “SomeApp would like to access files in your Desktop folder” with “Don’t Allow” and “OK” as the options; there is no password required for this approval.
In brief:
Apps on the Mac will need permission - asked once, when first needed - to access files in your Documents or Desktop folder, in iCloud Drive, and on any external volume connected to your Mac. You'll also be prompted when any app can capture your keystrokes or take a screenshot or video of your screen.
macOS will run in its own private, read-only volume, so there will be no way for malicious apps to write files to the volume or alter existing files, or no way for you to accidentally delete key files. The installation of macOS Catalina creates two volumes, one with the operating system, and another with data, segregating the two types of files.
Apple is doubling down on security and privacy, and this is an impressive list of new features. We'll keep you posted as more information about these key features becomes available.