The project ACL determines project-level permissions.
Each user on the project should have a private role. Each role can have subroles. A role inherits all the permissions that its subroles have.