There is an article about Role-Based Access Control (RBAC) for React Apps at https://auth0.com/blog/role-based-access-control-rbac-and-react-apps/.
I wonder why we don’t use Permission-Based Access Control (PBAC)?
Like Backend APIs, the app with PBAC only needs to know permissions. If users have deletion permission, the delete button will appear, otherwise, it will be hidden. So, we can have a unified list of permissions that will be used for both application and backend.
Do we have any special cases that the applications should use RBAC rather than PBAC?