Other than the insane suggestion permissions should be assigned to individual <i>users</i> (a fundamental violation of the term "<i>Role-Based</i> Access Control") .. a decent overview.<p><a href="https://medium.com/@volcimaster/for-the-love-of-all-that-is-good-and-holy-in-this-world-you-should-never-be-assigning-roles-to-5a7f0f34c4f8" rel="nofollow">https://medium.com/@volcimaster/for-the-love-of-all-that-is-...</a>