Users can be created by Admin as well as at random (by anyone)
Users created cannot be grantedRole at the same time.
Only if the user is created by the admin (using authentication) the roles can be granted (maybe for later scope)
Once a User is created, only the Admin (with superAdmin privileges) can grant the access to a role to the user.
Roles can be granted only by users with grantRole privilege. If there are no users with that, only the admin can grant role with privilege grantRole to a user so that the user too can grant roles to other user.
Design the Access Pattern for Authentication (AuthN) and Authorization (AuthZ) for WDB.
Tasks