[eluser]PhilTem[/eluser]
As long as you'll stick with these four roles maximum, you can use some hard-coded permission checking. Setting the groups in hierarchical order with even unix-styled group ids (id = 1, 2, 4, 8, 16, ...) can come in handy for easier permission checking.
But as soon as you want to have more dynamic permissions and roles it's probably easier to use some ACL (access control list). There are some threads around this forum you might wanna have an eye on.