Equivalent to the permission group, you can classify and manage related permissions. Each permission belongs to a permission type.
In a system, the operation of a functional module, access to a menu and even a button on a page, the visibility control of an image, are all lies within the scope of the permission management system. That is to say, through the feature permissions, you can know the range of resources that the user can access and operate.
In order to classify and manage many users with similar permissions, the concept of roles such as system administrators, administrators, users and visitors is defined. It basically a collection of a certain permissions named as role which actually holds or carries the permissions.
User is basically the actual operator of the application system who owns the permission information. His /her permission set is the permission that its corresponding role belongs to.
Manage the permissions that tenants have. Current tenants can delegate some of their own privileges to their own sub-tenants, so that sub-tenants can have access to operate some resources.