User permission levels are defined in /config inside the permissions object. Here you can define a multi-level tier of user access levels.
Out-of-the box, Gravity includes master, owner, admin and user permission levels.
The same permission object is included inside client/src/permissions.json. You must use both files as the React client runs independently to the server. You can also define different permissions for the client UI if you need to.