In order to create an effective user-centered experience, we create personas for key audience groups. Although a persona is a fictitious representative and may not be exactly like your real end users, the process of creating a persona helps to build empathy for the real people that are going to use the final product.
You've been doing Drupal permissions wrong for years (probably). And the fix is pretty simple. The Problem: Drupal permissions are an administrator's nightmare. The settings page is a daunting wall of nondescript checkboxes with overlapping meaning and lots of duplication. This makes bugs hard to find and permissions hard to manage. Worst of all, this user experience poses a security risk. It's just too tempting to scroll and check box after box without thinking too deeply about the consequences.
Card-sorting and cluster analysis for information architecture.