Every organization is different, so roles and permissions are extremely flexible in Dastra.
Each user can be associated with 1 or more roles. The roles are themselves associated with a list of permissions (e.g.: write in the registry, post a request to exercise a right...). There are two ways to manage the roles associated with users.