Hi @jpreese
Usually how you manage the client access is completely dependent on your needs.
For the company I work for, the dashboard is completely behind a login (so no pages have public/guest access). The way we manage access is simply to check if we have a valid access_token stored client-side, if so let them in, if not redirect them to the login page.
In terms of managing access depending on permissions this is also completely up to you as well. There are many methods, one of them is to have a roles claim in the access_token which your client can use to show/hide UI (remembering that ultimately your backend must validate their access as well) depending on the user’s roles.
Hope this helps!