Permissions
Permissions define what a user can do in your application, they are passed through user credentials and can be check in your frontend and backend apps to either allow or deny specific actions. In terms of defining permissions, this is entirely up to you and can be as simple or as complex as you like. Its entirely possible to have one permission for your whole application which defines unlimited access if that is more fitting for your usecase, or you could go as low as specific actions on a recource. Each permission is defined by a string so you can add whatever string of characters you like to best define your permissions.
Note that you should be mindful of how many permissions you add and the size of said permissions, ideally these should be as small as possible as they are passed through user credentials, but it is up to you to weigh up the tradeoffs.