I never assign roles to titles as they will always be different in different methodologies and so on. I tend to set roles based on what the user will do in a project on a basic level. So Administrator, User and Viewer are the basic three that I always set and then I map against those: Admins have all access. User all access except project config and bulk edit/delete. Viewers have the rights to view and comment. That's pretty much it. If you need to hid something from someone, then that is what security scheme is for and no one should normally see any project they don't have a role in.