explore the following example:
1. Background:
A system faces 2 objects and has the following permissions
users: you can pay bills, apply for invoices, and apply for refunds
Administrator: you can agree to apply and invoice the user, and you can agree and give the user a refund
2. Question:
is it reasonable to design a role that can do both a user and an administrator at the same time?
3. Attach:
generally speaking, is it a great security risk that an account involves both administrator and user permissions?