Hello @bigpotato welcome to the community!
Sorry for the delayed response, but wanted to follow up on this one.
This sounds like a perfect use case for Role Based Access Control (RBAC). You can “automatically” add these to a user’s access token with this setting on your API configuration.
You can add roles to a user’s ID token (for front end consumption) using an Action. Depending on your app’s particular needs, typically you should be able to rely on Roles to make front-end decisions as the permissions claim will exist in access token which is consumed by your API.
Hope this helps!