The pain there is often a pre-configured role with a slew of permissions was used and you actually need to craft a new role with the right permissions.
I wrote some code once to fetch all those preconfigured role permissions and then present them in a more digestible way
I wrote some code once to fetch all those preconfigured role permissions and then present them in a more digestible way