We need more granular staff permissions for the Aeon client.

For example, we have some staff who should ideally not have the permission to clone requests, for example, or perhaps to create new requests. I see there is a similar ER for Ares, but I do not see one for Aeon staff permissions.

Even with a transition to the web client from the local application, more sophisticated staff permissions are still quite pertinent. Please consider!