Development of a dynamic role model with individual access management

The current rights management must be extended. It should be possible for users to be given individual rights to individual resources via roles and groups.

Here is the summary of the results of the kick-off meeting:
A proven role-based user management scheme is to be implemented in which roles can be assigned to users. These roles can in turn be assigned to groups (groups can also be assigned to other groups), and the roles/groups are in turn assigned rights to objects. This should make it possible to provide a default configuration with standard groups that covers the current functionality (Admin, Installer, Guest, Owner as roles/groups) and, in addition, to assign individual read and write rights to roles.
The following example scenario shall be realized:
Although an apartment building has separate apartments with separate meters, there is still a PV system on the roof that belongs proportionately to the apartment owners. For this reason, all readers are allowed to access the PV system but may read only their own meters. Accordingly, there are the groups Apartment1, Apartment2, Apartment3 and PV system; the roles are each assigned to an apartment, and all are assigned to the PV system group.
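
The scenario above can be modelled as follows. This is an added sketch, not code from the project: the class `AccessModel`, the role names `Reader1`..`Reader3`, the user names `resident1`..`resident3` and the resource names `meter1`..`meter3` and `pv_meter` are assumptions; only the group names come from the description. Access is denied unless a grant exists, and group nesting is resolved so that a cycle cannot loop forever.

```python
from collections import defaultdict

class AccessModel:
    """Users hold roles; roles and groups nest in groups; rights attach to roles/groups."""
    def __init__(self):
        self.user_roles = defaultdict(set)  # user -> roles
        self.member_of = defaultdict(set)   # role or group -> groups it belongs to
        self.grants = defaultdict(set)      # (role or group, resource) -> rights

    def assign_role(self, user, role):
        self.user_roles[user].add(role)

    def add_to_group(self, member, group):
        self.member_of[member].add(group)

    def grant(self, principal, resource, right):
        self.grants[(principal, resource)].add(right)

    def principals_for(self, user):
        """The user's roles plus every group reachable from them."""
        seen, stack = set(), list(self.user_roles.get(user, ()))
        while stack:
            p = stack.pop()
            if p in seen:  # nested groups may form a cycle; visit each once
                continue
            seen.add(p)
            stack.extend(self.member_of.get(p, ()))
        return seen

    def is_allowed(self, user, resource, right):
        # Default deny: access needs an explicit grant on some effective principal.
        return any(right in self.grants.get((p, resource), ())
                   for p in self.principals_for(user))

def build_apartment_scenario():
    m = AccessModel()
    for n in (1, 2, 3):
        role, group = f"Reader{n}", f"Apartment{n}"  # role names are assumed
        m.assign_role(f"resident{n}", role)          # user names are assumed
        m.add_to_group(role, group)
        m.add_to_group(role, "PV system")
        m.grant(group, f"meter{n}", "read")          # resource names are assumed
    m.grant("PV system", "pv_meter", "read")
    return m

if __name__ == "__main__":
    m = build_apartment_scenario()
    for resource in ("meter1", "meter2", "pv_meter"):
        print("resident1 read", resource, m.is_allowed("resident1", resource, "read"))
```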