Defining roles for controlling accessibility of individual models

[aniruddha-mmt-zz]

I want to assign roles to the user so that I can control their accessibility for individual models.
Ex: Let's say I have user1 and user2, model1 and model2.
User1 can perform crud to model1 and model2 but user2 can perform crud on model1 but only read on model2.
As per the current documentation, I can only assign permission to users which are valid for the whole DB not per models.
@jinzhu please advice.