How granular can frontend user permissions be in Strapi?

We want to create various user roles and have content restricted for frontend users based on which role(s) they’re in (We’re building a B2B marketplace with users grouped by, amongst other things, geography). I’m wondering how granular we can make permissions and/or if there are any limitations? Given Strapi is still a young project, does its user management/permissions allow for near limitless configurations like a Firebase or Drupal would? Or is it still evolving and there are indeed some limitations?