You described user roles.
Want to create the role of ACL (access level system), lowering operating privileges.
First, create an ACL for all user roles that You described (USER_ACL, MODERATOR_ACL, etc.). This is a table with privileges (bit mask with powers of two): 1,2,4,8,16,32,64, etc. the Sum of these values gives the number that uniquely identifies the ACL to access the different functions.
Then create a different BAN-sets (ACL on the same kreteriyam).
BAN_CHAT, BAN_EDIT, BAN_DELETE, BAN_REOWNER etc.
And current *_ACL subtract BAN_*.
Received and will be applicable ACL, but with limitations on the BAN mask.
(less than or equal to 0 - means all without any rights)