I'm greatly in favor of a role-based system, though I would strongly
suggest not hard-coding the roles. That is, allow someone to define a
new role and modify the read/write/admin permissions on each tool in
Gforge. I do think you have a good set of default roles in mind, though.
However, you'll probably want to have a 'guest' role that "other" people
would default to. That is, a non-member of the project, or even people
not logged into the site at all. Maybe we should even allow for project
admins to select which roles these two groups get assigned to. This
would allow for a finer-grained access control over who gets access to
what. All said though, I think roles are a great idea.