Each service has a set of permissions defined. When a service access another service, the user needs those permissions too. Each permission can come in the flavors READ, WRITE, and DELETE. If you give a user a permission in a service, you should give them all the permissions in the other services that one permission depends on. This page documents those permissions and their dependencies to make this easier:
Table of Contents maxLevel 2
provisioner
All provisioner endpoints are permissioned as system permissions. The provisioner provides no other permissions, and no service depends on provisioner permissions.
...