The only time I’ve ever seen a system like that come in handy is when there have been a bunch of complicated permissions that don’t fit neatly into discrete levels and are assigned by users. For everything else, a boolean in the database or an ad hoc system has been perfectly fine. Don’t build things before you need them!