There is no such thing as a "user" in your software.
There are one or more specific roles through which others interact with the software, though.
Follow
Separating out "roles" from "identities" from "credentials" in the system architecture does wonders to prevent future confusion on this point.
Consider how we treat each of the following separately: a person, their "employee" status, their key card, and the access right granted via that card.
