Should the user access to specific pages or even specific fields on forms be declared as scopes?

[AssisrMatheus]

I'm trying to study to create a following setup:

• NextAuth
• Having my own Oauth provider (like my own auth0)
• Password login + social login

Now, I want to control what pages the user has access to. Or what modules. Or even each field of an specific form.

Should I have this as a bunch of tags in the user's scope(page1:read page2:read page3:write page3.name:write) (which might get big if I'm having access for specific fields)? Would It be a problem? Or it's not even the "right way", and if not, what would it be? Access control table on the user profile?