Role Claims in ASP.NET Core Identity compared to Role Permissions in custom auth

Lets step away from ASP.NET Identity for a sec and lets say we are building a custom authentication/authorization system for our application.

It will contain the following tables for full flexibility:
Users
Roles
Permissions
UserRoles
RolePermissions

With the above we can have a full fledged User Management section of an application where an Administrator can say User A has Role B which has Permissions C,D,F.

The above has always worked for me in the past, but lets switch gears now to an ASP.NET Core MVC Application using ASP.NET Identity.

Attempting to utilize everything Microsoft gives you with ASP.NET Core Identity in the UserManager I would like to be able to still achieve the above, but the ASP.NET Core Identity MVC way.

What I know:
That I can easily use the UserManager to implement CRUD pages for Users and Roles and User Roles.

What I am trying to figure out:
How can I replicate the same behavior of the "which permissions/actions does a role have?" concept.

My initial guess at this is that you would use Claims in combination with Roles. Claims get assigned to Roles i.e. RoleClaims and then Roles get assigned to Users.

This way I would be able to simply check for Roles above Controllers/Action methods with Authorize tags. And additionally go even further at the page level saying hide/show the delete button if the user's Role does not have Claim "DeleteProduct" Kind of like what this view-based authorization documentation is saying.

--

I am trying to figure out if I am on the right path with this stuff. Any advice or corrections would be helpful.

I am also evaluating on this, one drawback with this is, cookie size, as the role claims will flow into the cookie. this makes it hard to have many permissions. Usually Roles and permissions were in the cache then incoming user role- verify with the cache datat to authorize, probably a good solution, in my opinion.