Roles and permissioned schema design issue

Hi Everyone,

I am developing a multi-tenant QSR food billing SaaS website with a Super Admin in the system that manages the whole application. Super Admin can create multiple tenants and each tenant can create multiple brands. Similarly, each brand can create multiple outlets/deployments. Each outlet can have multiple employees or users responsible for QSR billing.

Now, I want to convert the application into a permissioned and role-based application where some users, say super admin or tenant admin, have access to create roles and some permissions are linked to roles by default. And there are options to give more or fewer permissions to certain users. There may be a possibility that permissions can be up to 4-5k, so instead of creating the permission collection and storing users in an array that has the specified permission, I have directly stored the permissions in the user schema, specifying which users have what permissions.

Now, the issue is: how should I link the permissions directly to the role, and how do I have default permissions linked directly to any role, so that if a new role is created it has some default permissions, and permissions can be increased and decreased based on the requirements?

This is the current user schema of my application. Suggest some changes so that roles can be linked to permissions and give options to toggle permissions on certain roles.

const mongoose = require("mongoose");

var userSchema = new mongoose.Schema(
  {
    name:{
      firstName: {
        type: String,
        required: true,
      },
      lastName: {
        type: String,
      },
    },
    username: {
      type: String,
      required: true,
      unique: true,
    },
    email: {
      type: String,
      required: true,
      unique: true,
    },
    password: {
      type: String,
      required: true,
    },
    mobileNumber: {
      type: Number,
      required: true,
    },
    role: {
      type: String,
      enum: ["superAdmin","tenantAdmin", "brandAdmin", "outletAdmin", "employee"],
      required: true,
    },
    tenantDetails:{
      _id:mongoose.Schema.Types.ObjectId,
      name:String,
    },
    brandDetails: {
      _id: mongoose.Schema.Types.ObjectId,
      name: String,
    },
    outletDetails: {
      _id: mongoose.Schema.Types.ObjectId,
      name: String,
    },
    permissions: [
      {
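        name: {
          type: String,
          // no `unique: true` here: on an array subdocument it builds a collection-wide
          // unique index, so two users could not hold the same permission name
          required: true,
        },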
        operations: {
          create: {
            type: Boolean,
            default: false,
          },
          read: {
            type: Boolean,
            default: false,
          },
          update: {
            type: Boolean,
            default: false,
          },
          delete: {
            type: Boolean,
            default: false,
          },
        },
      },
    ],
    address: {
      location: {
        type: String,
        required: true,
      },
      state:{
        type: String,
        required:true,
      },
      city: {
        type: String,
        required: true,
      },
      pincode: {
        type: Number,
        required:true
      },
    },
    profilePhoto: {
      type: String,
      default:
        "https://upload.wikimedia.org/wikipedia/commons/thumb/f/f9/OOjs_UI_icon_userAvatar-constructive.svg/2048px-OOjs_UI_icon_userAvatar-constructive.svg.png",
    },
    isDeleted: {
      type: Boolean,
      default: false,
    },
    isActive: {
      type: Boolean,
      default: true,
    },
  },
  { timestamps: true }
);

Thanks for your time.
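
One way to model what the post asks for, as an added example that is not part of the original post: each role carries its default permissions, a user stores only a role reference plus per-user grants and revokes, and the effective set is computed at check time with deny by default. It is plain JavaScript with no database; `sampleRoles`, `sampleUser`, `overrides`, `effectivePermissions`, `can` and `createRole` are hypothetical names, and the data is constructed.

```javascript
const OPS = ["create", "read", "update", "delete"];

// Constructed sample data: one entry per role, holding its default permissions.
// In MongoDB this would be a separate "roles" collection (assumption).
const sampleRoles = {
  outletAdmin: { defaults: { orders: ["create", "read", "update"], menu: ["read"] } },
  employee: { defaults: { orders: ["create", "read"] } },
};

// A user keeps a role reference and only the differences from that role.
const sampleUser = {
  role: "employee",
  overrides: [
    { name: "orders", op: "update", effect: "grant" },
    { name: "orders", op: "create", effect: "revoke" },
  ],
};

// Effective set = role defaults, then grants, then revokes (a revoke always wins).
function effectivePermissions(user, roles) {
  const perms = new Set();
  const role = roles[user.role];
  if (!role) return perms; // unknown role: nothing is allowed
  for (const [name, ops] of Object.entries(role.defaults)) {
    for (const op of ops) if (OPS.includes(op)) perms.add(`${name}:${op}`);
  }
  for (const effect of ["grant", "revoke"]) {
    for (const o of user.overrides || []) {
      if (o.effect !== effect || !OPS.includes(o.op)) continue; // skip malformed entries
      if (effect === "grant") perms.add(`${o.name}:${o.op}`);
      else perms.delete(`${o.name}:${o.op}`);
    }
  }
  return perms;
}

// Deny by default: access needs an explicit entry in the effective set.
function can(user, roles, name, op) {
  return effectivePermissions(user, roles).has(`${name}:${op}`);
}

// A new role starts as a deep copy of a template role's defaults, so later
// edits to the new role never change the template.
function createRole(roles, newName, templateName) {
  const tpl = roles[templateName];
  if (!tpl) throw new Error(`unknown template role: ${templateName}`);
  roles[newName] = { defaults: JSON.parse(JSON.stringify(tpl.defaults)) };
  return roles[newName];
}
```

Changing a role's defaults then takes effect for every user of that role on the next check, and the per-user list stays small even when the total number of permissions is large.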