[LARP DB] - Here's a weird question. For user permissions, should you be able to lower or remove your permissions?? Like should you be able to just remove yourself from the system if you wanted? Of course you can't change anyone else without already having permissions to do so but, what level of security do we want?
I think you should be able to delete your account, or remove a role.
Like, ideally it would be RBAC (role based access control). Role would have permissions, etc, permissions would be granular.
Or it could be a "request for add/remove" so people with certain perms would be able to view a list of changes and approve them.
Hm..I think the request option is overkill of our needs.
but yes RBAC is built into this, just a matter of figuring out what access control a person has to lower their privileges. (you can't raise your own unless you're an admin, but in that case it's a moot point)