You can define different roles inside the application. Roles can then be assigned to a human or application user.
Roles are cumulative and inherited. This means that the access rights of the different roles positively accumulate up for a user.