Groovy's permission system works fairly similarly to Discord's channel overrides. For each role/user, you can deny or allow that role/user from using that permission. These permissions are stacked on top of each other to produce the final result. If a permission has not been explicitly set, then it will be allowed by default.

Click here to view the permission commands.