Both Roles and Permissions are implemented by the ESUI, meaning they are independent of the authentication.
As a kickstart, both roles and permission can be specified in csv files which will be read the first time the ESUI is executed, getting you an initial base to work.
For the permissions to be assign to a user, the account must match. If this is the case the permission will override the display name and the alias, besides adding the role assigned.
This information can be modified from the admin section in the permissions page.
The definition of the Roles can be set in the csv files, requiring and id, role name and value representing the hierarchy of the role ranging from -128 to 128.
The restriction to tabs using roles, is implemented, and restrictions to additional features can be easily added
By default the initial roles are:
permissions: { default_role: 'reader', file: __utils.absPath('./config/server/auth/permissions.csv') }, roles: { file: __utils.absPath('./config/server/auth/roles.csv') }