thinkphp platform, auth permissions control, how to prevent the low group of users to modify the high group of information and user groups? Thanks a lot

thinkphp platform, auth access control, how to prevent the low group of users to modify the high group of information and user groups? Thank you
The system is set up with three user groups, Super Administrator, webmaster, editor

Three users were added, admin, Jsitt, test

And all three user groups have been set to allow viewing members, modify the membership information permissions

Now, the problem is that the webmaster can modify the Super Administrator's information and groups, the editing group can also modify the Super Administrator and the site administrator's group and permissions, etc.

I want to be, Super Admin > Webmaster > Edit

The webmaster can modify all the edited groups and information, but cannot modify the Super Administrator's information and group

Thank you!
------to solve the idea----------------------
Users can only handle data that matches their own permissions, and there is nothing to do without permission.
So permission is the subject, the user is the object
Rights Management is to abstract permissions, only to recognize the rights, do not recognize the user
Do it, and your problems don't exist.
------to solve the idea----------------------
This should be done when the role is being processed.
------to solve the idea----------------------
Permissions and apps are linked by role
Your needs are a privileged role to perform an application, you also need to determine the level
So you can subdivide the role, or you can set the host in the app
If you have an "exception" in your Rights management, you can also use "exceptions" to handle

