I am currently working on an enterprise application HRMS, but there are some issues in permission management that I cannot think through:
1. Permission determination at multiple granularities:
Department-based permissions

• Basic module permissions

• Personnel module permissions

• Administrative module permissions

• Recruitment module permissions

• Training module permissions

Among the above five modules, the last four depend on the first module, so some private data such as attendance data viewing will be placed in the basic module permissions.

Position-based permissions

• Director

• Senior Manager

• manager

• General staff

The basic module also contains the initiation process, but ordinary employees cannot approve the process. Only at the manager level can the process initiated by subordinate employees be opened.

Users are directly linked to permissions
Because in the actual production environment, some people will be assistant directors or hold multiple positions. For this situation, I will let the user directly use the user_permisson table management.

Question 1: Data model design

Would it be more troublesome to verify the design later?

Question 2: The interfaces displayed by different departments and positions are slightly different. How to implement this? (It is best to load in ajax mode)
For example, the personnel department can see the resume library and personnel information based on the basic module. The manager level can approve subordinate employees, team performance and other data.

Waiting online for answers from experienced experts, thank you very much!
This project is based on Laravel 5.2.29. It is currently being worked on by one person and is planned to be open source.
If you are interested, you can develop together.