How do the developers usually specify the end-user permissions? i.e., How do we know the permissions of an end-user?

Hi,

I am studying Istio and microservices. Currently, I have a question about the permissions of end-users.

I understand that administrators can issue authorization policies based on the end user's permissions, but where are the end-user permissions usually specified? I.e., how do we know the permissions of a user? Is there any corresponding judgment logic in the code (e.g., if (user == "admin") {…} else {…})? Or do they have a dedicated database to store end-users and their corresponding permissions? If there is a dedicated database, how do they perform the permission enforcement?