Each and every client connecting to the system must be authenticated first. After successful authentication clients can perform operations on schema documents according to permissions granted them directly or via roles. Roles can be granted to other roles too, which is greatly simplifies the process of authorization management.
What about integration with external Enterprise access management systems? It is on our list too. May be, it’s a subject to think about some Enterprise-level commercial extensions?