@Charlie Harding "Instead of @RolesAllowed, I implemented a custom @PermissionsAllowed annotation. I created a PermissionChecker that uses a map to link specific actions (permissions) like menu.Doctors to a list of allowed roles. The system then checks if the logged-in user's roles match any of the allowed roles for that permission. This gives me a more granular, permission-based control rather than just role-based."