database design - Disable delete permission for a user but allow read and update -

how add few users particular role allowed read , update object not perform delete operation.

• i have class a contains pointer class b.
• class a has 2 roles -- admins , moderators.
• class b has relation users class , adds above 2 roles acl.

now, how make sure, users match admin role criteria can whole crud op on relation in class b, moderators can add , read relation not delete users relation via relation.remove(user)