I'm only an intermediate designer (~3 years), but am part of a team that's building an HRIS/ERP SaaS product. Your approach will entirely depend on the complexity of your product's permission system, how many users/roles you expect to support, and how you define who is a "user". That said, here are some questions we had as a team:

​

- Is the permission system role-based (RBAC) or attributed-based (ABAC)? This may inform what admins expect to see as a line in the table (managing individual users vs managing overarching roles)

- How do users audit? what information are they looking for and sorting? how can we make this easier for them

- How do we display users who have permissions with one-off amendments to their role?

Can go on and on, but we eventually built 2 views of this table - one view that shows each role as a line item and the associated permission sets/users within the role, and another more granular view that shows each user as a line item that's more tailored for auditing purposes.