[x] assign admin / manage / run / design / develop / retired roles to individual users
[x] admin gives access to manage / run / design / develop
[x] retired disables all other roles, including admin
[x] create api call to check whether user has a specific permission (i.e., admin / manage / run / design / develop) that can be used to gate features or methods