Best way to manage user permissions

Hi, I am using JupyterHub with Auth0 authenticator.
I want to give all users read only access by default and then grant some of them write access.
What is the best way to do this?
I am new to JupyterHub, any help would be appreciated.

Could you elaborate your setup more? Do you maybe even have it online, e.g. in a GitHub repository? How to achieve this best pretty much depends on which spawner you use.

Thanks for replying. I am running it locally for now, will be hosting it on Amazon Cloud after.
here is my config:
I have created srv folder by logging in as an admin, and I want other users to be able to read and some of them to write to it.

    from oauthenticator.auth0 import Auth0OAuthenticator, LocalAuth0OAuthenticator
import os
c.JupyterHub.authenticator_class = LocalAuth0OAuthenticator
c.LocalAuth0OAuthenticator.auth0_subdomain = ''
c.LocalAuthenticator.add_user_cmd = ['adduser', '-q', '--gecos', '', '--disabled-password', '--force-badname']
c.LocalAuthenticator.create_system_users = True
c.Authenticator.delete_invalid_users = True
c.Auth0OAuthenticator.client_id = 'id'
c.Auth0OAuthenticator.client_secret = 'secret'
c.Auth0OAuthenticator.oauth_callback_url = 'http://localhost:8000/hub/oauth_callback'
c.Auth0OAuthenticator.scope = ['openid', 'email']
c.JupyterHub.cookie_max_age_days = 0.4125
c.Authenticator.refresh_pre_spawn = True
c.Authenticator.auth_refresh_age = 300
c.Authenticator.admin_users = {''}
notebook_dir = os.environ.get('DOCKER_NOTEBOOK_DIR')
c.DockerSpawner.notebook_dir = notebook_dir
c.DockerSpawner.volumes = {
'jupyterhub-user-{username}': notebook_dir,
'/home/user/api/contents/srv': '/home/jovyan/shared'

So everyone will have their private home directory and a shared drive which only trusted users can write to but all people can read from, did I get that correct? So now you want to secure /home/jovyan/shared and you are not sure how to achieve that best?

Actually I do not know the answer since I have never done such a thing. My first hunch would be to check docker and its integration to JupyterHub whether you can mount that volume read-only for the less trusted users.

We have the same problem here, we want to have a shared folder and inside this folder, a folder for each user that only that user has permission to write there
we defined a shared vol with:

    - ReadWriteOnce

and then set it in the single user like:

      - name: shared-vol
        mountPath: /home/jovyan/shared

But we want to give write access only for some of the users, all the users have the same jovyan user so it’s hard to modify it.

anyone has an idea on how to do it?
@Nuray_Muzaffarova maybe you found a way?