The image below is Discord's channel permissions menu. It makes sense. For each user or role you specify, it allows you to take three actions on each permission: Allow (☑️), Inherit (/), or Deny (❌). This lets you do more or less whatever you want and enforce any permission structure you feel like enforcing.
The image below is Discord's role permissions menu. It doesn't make sense. For each permission on each role, you're allowed to select Allow (on) or Inherit (off). There is no Deny option. "Off" is not Deny. If a user has a permission from any of their roles, including @everyone, there's no way to remove it on a global level. I don't know why.
Instead, if you want to explicitly deny a permission from a role—say, if you want to mute someone for a while so they can stop being mad online—you have to go into every single channel and add that role to the permission manager, then deny the permission from there, then remember to do this again when you add or modify channels. Forever. If you use channel categories, you can assign those permissions to each category and save some time, but it's still a huge, error-prone pain in the ass.
The permission system, in its current state, is a public safety hazard. Not only is there no way to check a user at-a-glance and determine what permissions they have, but because of the @everyone inheritance behavior, there's not even a polite way to check the permissions of any given role. All of the system's weird and slightly unintuitive interactions (enter the Manage Roles Hierarchy Clusterfuck) go invisible until something fucks up. Of the large public Discord servers you're lurking in, I can virtually guarantee that at least one of them has accidentally assigned full administrator permissions to anyone who asked for a green name in chat.