How to design custom roles/permission flow for backend and also how to implement those roles in access layer control and permissioning?

Question

I am thinking how to design or rather the best way of designing API for custom roles and implementing it for access layer control/permissions and also overall implementation. Is