Initially you do not need to decide which privileges to assign each user. Decide which operations should require a privilege.
For example, use the enterer privilege to allow CR creation. Assigning a user the enterer privileges would then give the user permission to create CRs. Assigning the user additional privileges (for example assigner) would grant the user more privileges. Assigning a user administrator privileges (for example pt_admin) would grant the user unlimited privileges.
The software also uses interfaces (such as User and Admin) to determine the presentation.