Hey!
Your best bet is to use a paradigm of authorization called "named scopes." I am guessing you are using a modified subset of NoSQL, so it shouldn't be that hard to implement.
The first thing I'd like to start with is deconstructing and decoupling your data sets (tables, in their most rudimentary form).
Create a users schema which contains the meta fields only for what is specific to every user. The reason I emphasized "every" is because there are some parameters which are common across every "user" entity you'll create throughout the lifecycle of the application's state. Fields like first_name, last_name, etc.
Define a role field in that very schema to assign a role to every user. You can set this to a default value of your lowest access level, which can be amended as and when needed. Using a simple 0 for administrator, 1 for super-user, and so on and so forth should be enough for most use cases. You can, if the backend permits, get a little fancy and assign roles based on namespaces (like the ones used by AWS' IAM); something like administrator__crud--user would mean the current user has administrative rights over the resource user.
Ask the backend to give you a JWT (the exact logic for this is up to you) and decode it. Based on the role, you can redirect the user wherever you want to (solving problem 1), show selective navigation fields (solving problem 2) and in the event of a user violating the ToS, you can log the Zero-Knowledge state identification resources to your log in the backend.