Multiple roles
Consider the case of a user who requires all the permissions of both a Protocol Engineer and a Translation Engineer. This does not pose a problem. Any user can be a member of as many roles as necessary and thereby acquire all the permissions of all those roles.
Make the user a member of both the Protocol Engineer and Translation Engineer roles. That user is automatically granted all the permissions of both roles. Even if the Protocol Engineer role expressly denies some permissions that are granted to the Translation Engineer role, the user has those permissions. That same user has any permissions that are granted to the Protocol Engineer role, even if those permissions are denied to the Translation Engineer role.
When a user is made a member of a particular role, the person is granted all the permissions that are associated with that role. This is regardless of any permissions that are denied in any other roles to which the user belongs.