For those managing role-based access control (RBAC) and user permissions in APIs, what are some strategies you use to ensure everything stays secure? Are there specific frameworks or patterns you follow to handle user roles without compromising security? I’d love to hear tips on how to manage complex permissions effectively.