I'm developing a system where your user permissions will be based on the RBAC model,
A user could be in several permissions rules that would grant privileges to the system, when registering a new user the user to be registered would inherit the permissions of the user that is registering, how to prevent the user that is being registered can not delete a user who is in a hierarchy above his (according to the business) or remove this user from rules that influence his hierarchy in the system. For example
João(Usuário)
->Diretoria(Regra)
->cadastrar usuários(Permissão)
->excluir usuários(Permissão)
Fernando(Usuário)
->RH(Regra)
->cadastrar usuários(Permissão)
->excluir usuários(Permissão)
From a business (Real World) standpoint this is RH in the hierarchy but in the RBAC template is an abstraction interpreted by the user who created them! how to prevent for example that Fernando excludes the director John? simply because they both have the same permission (delete users)! one solution would be to write in the program that the user only exclude or modify users of the same rule, but in this case the company director could not exclude anyone! or it would have to be in all the rules and if it were also could be deleted by another user, another solution would be to register a history for each user informing who is their parent (user that created it) and so in this case I would write in the program that the user can not take privileges from their parents, this would be a way to represent the hierarchy, but still would not be perfect because a director could be registered in parallel to a common user and this rule does not would apply to it.
Is there a template or solution that can be combined with this to give some hierarchy (from a business perspective) rules, how could it be represented in the relational database?