Rights have absolute priority and should be checked first. If a user has the right to modify a specific instance of a resource (a resource instance, not a resource type), then there is no need to perform any further checks and the user is allowed to perform the action. It would be better to specify the type of right (read/modify/delete). For example, the user Mario Rossi, regardless of his role, can modify the "Temperature" feature if he has the "modify" right on "Temperature".
Roles are checked subsequently and indicate what users can do in relation to resource types (a resource type, not a resource instance). For example, the user Mario Rossi has the role "Analyst" and can only read resource instances, except for the resource for which he has a different right.
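The check order described above, as an added example that is not part of the original text. The function name `is_allowed`, the `ROLE_PERMISSIONS` table, the "Humidity" instance and the returned reason strings are constructed for illustration; the sketch assumes that a right only grants (a missing right falls through to the role check) and that a request matched by neither is denied.

```python
from dataclasses import dataclass, field

ACTIONS = {"read", "modify", "delete"}  # the right types named in the text


@dataclass(frozen=True)
class Resource:
    rtype: str  # resource type, e.g. "feature"
    name: str   # resource instance, e.g. "Temperature"


@dataclass
class User:
    name: str
    role: str
    # Rights: per-instance grants, (resource type, instance name) -> actions
    rights: dict = field(default_factory=dict)


# Roles: actions allowed per resource *type* (constructed sample policy)
ROLE_PERMISSIONS = {
    "Analyst": {"feature": {"read"}},
}


def is_allowed(user, action, resource):
    """Return (decision, reason); the reason is what an audit log would record."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    # 1. Rights have absolute priority: a matching grant on this exact
    #    instance ends the evaluation, whatever the user's role says.
    if action in user.rights.get((resource.rtype, resource.name), set()):
        return True, "right"
    # 2. Roles are checked next and apply to the resource type as a whole.
    if action in ROLE_PERMISSIONS.get(user.role, {}).get(resource.rtype, set()):
        return True, "role"
    # 3. Assumption: nothing matched, so deny by default.
    return False, "default-deny"


# Constructed sample data mirroring the example in the text
TEMPERATURE = Resource("feature", "Temperature")
HUMIDITY = Resource("feature", "Humidity")
MARIO = User("Mario Rossi", "Analyst",
             rights={("feature", "Temperature"): {"modify"}})

if __name__ == "__main__":
    for act, res in [("modify", TEMPERATURE), ("read", TEMPERATURE),
                     ("modify", HUMIDITY), ("delete", TEMPERATURE)]:
        print(MARIO.name, act, res.name, is_allowed(MARIO, act, res))
```

Returning the reason alongside the decision makes it visible in logs whether access came from an instance right or from the role, which helps when reviewing who holds per-instance exceptions.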