Right now, if a user has a role in the system with limited access to certain content, but they have another unrelated role that does have that access, that access is granted in full. For example, if access to a report is removed for a certain faculty role but is granted to the Parent role, if that faculty member is also a parent, they will be able to access that report.

We'd like to be able to limit access to certain roles with the option to remove that access regardless of other roles that may grant that access so that we can have more control over what content is available to certain users, as this could be a security risk in some cases.