How to define default Roles and Permissions
Hello. I'd like to have default user Roles and default Permissions for them. I decided to create separate classes that would store them as constants. The application will have only Companies, Applications (similar to web sites), Users (assigned to companies), Roles and Permissions as domain models.
Super Admin can do anything, Admin can do anything related to the company he is assigned to, and User can just read user's info.
The application will most likely be used only as a REST API.
I'd like to know your opinion of this approach. Is it a good way to have full control over "who can do what"? Thanks a lot!
This is the PermissionType class:
namespace AMS\Domain\Constants;

final class PermissionType
{
    const USER_READ = 'user.read';
    const USER_ADD = 'user.add';
    const USER_UPDATE = 'user.update';
    const USER_DELETE = 'user.delete';

    const APP_READ = 'app.read';
    const APP_ADD = 'app.add';
    const APP_UPDATE = 'app.update';
    const APP_DELETE = 'app.delete';

    const COMPANY_READ = 'company.read';
    const COMPANY_ADD = 'company.add';
    const COMPANY_UPDATE = 'company.update';
    const COMPANY_DELETE = 'company.delete';

    const ROLE_READ = 'role.read';
    const ROLE_ADD = 'role.add';
    const ROLE_UPDATE = 'role.update';
    const ROLE_DELETE = 'role.delete';
}
This is the DefaultRoleType class, which has the default role names and the default permissions for each of them:
use AMS\Domain\Constants\PermissionType as Permission;

final class DefaultRoleType
{
    const USER = 'user';
    const ADMIN = 'admin';
    const SUPER_ADMIN = 'super_admin';

    // Default permissions granted to each default role.
    const DEFAULT_ROLE_PERMISSIONS = [
        self::USER => [Permission::USER_READ],
        self::ADMIN => [
            Permission::USER_READ,
            Permission::USER_ADD,
            Permission::USER_UPDATE,
            Permission::USER_DELETE,
            Permission::APP_READ,
            Permission::APP_ADD,
            Permission::APP_UPDATE,
            Permission::APP_DELETE,
            Permission::COMPANY_READ,
            Permission::COMPANY_ADD,
            Permission::COMPANY_UPDATE,
            Permission::COMPANY_DELETE,
            Permission::ROLE_READ,
            Permission::ROLE_ADD,
            Permission::ROLE_UPDATE,
            Permission::ROLE_DELETE,
        ],
        self::SUPER_ADMIN => [
            Permission::USER_READ,
            Permission::USER_ADD,
            Permission::USER_UPDATE,
            Permission::USER_DELETE,
            Permission::APP_READ,
            Permission::APP_ADD,
            Permission::APP_UPDATE,
            Permission::APP_DELETE,
            Permission::COMPANY_READ,
            Permission::COMPANY_ADD,
            Permission::COMPANY_UPDATE,
            Permission::COMPANY_DELETE,
            Permission::ROLE_READ,
            Permission::ROLE_ADD,
            Permission::ROLE_UPDATE,
            Permission::ROLE_DELETE,
        ],
    ];
}
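An added example, not part of the original post: in the role map above, admin and super_admin carry the same permission list, so the rule that an Admin acts only within the company he is assigned to has to be enforced as a separate company-scope check next to the permission lookup. The `can()` function, the `$actor` array shape, the integer company ids and the condensed `ROLE_PERMISSIONS` map are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Constructed, condensed copy of the post's role map (user.* permissions only).
const ROLE_PERMISSIONS = [
    'user'        => ['user.read'],
    'admin'       => ['user.read', 'user.add', 'user.update', 'user.delete'],
    'super_admin' => ['user.read', 'user.add', 'user.update', 'user.delete'],
];

/**
 * Hypothetical authorization check: the role must grant the permission AND,
 * unless the actor is a super admin, the target must belong to the actor's company.
 */
function can(array $actor, string $permission, ?int $targetCompanyId): bool
{
    // Deny by default: an unknown or missing role grants nothing.
    $granted = ROLE_PERMISSIONS[$actor['role'] ?? ''] ?? [];
    if (!in_array($permission, $granted, true)) {
        return false;
    }
    // Only super_admin is unscoped across companies.
    if ($actor['role'] === 'super_admin') {
        return true;
    }
    // Everyone else is confined to their own company; a missing id fails closed.
    $actorCompanyId = $actor['company_id'] ?? null;
    return $actorCompanyId !== null && $actorCompanyId === $targetCompanyId;
}

// Constructed sample actors and requests.
$admin = ['role' => 'admin', 'company_id' => 1];
$root  = ['role' => 'super_admin', 'company_id' => null];
$user  = ['role' => 'user', 'company_id' => 1];

$cases = [
    'admin deletes user in own company'   => [$admin, 'user.delete', 1],
    'admin deletes user in other company' => [$admin, 'user.delete', 2],
    'super admin deletes user anywhere'   => [$root, 'user.delete', 2],
    'user reads user in own company'      => [$user, 'user.read', 1],
    'user deletes user in own company'    => [$user, 'user.delete', 1],
    'unknown role reads user'             => [['role' => 'guest'], 'user.read', 1],
];
foreach ($cases as $label => [$actor, $permission, $companyId]) {
    printf("%-38s %s\n", $label, can($actor, $permission, $companyId) ? 'allow' : 'deny');
}
```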