あなたは基本的にこれを見ています:
SystemUser: Id, AccountName
SystemRole: Id, RoleName
UserRole: SystemUserId, SystemRoleId
Product: Id, ParentId, Name
Product will have a self-reference on ParentId. If it's not a sub-category then ParentId should be NULL. You'll want anyone who doesn't have a SystemRole of "Admin" defined to be unable to access any Product that has a NULL ParentId.
UserRole is an association table that provides the M:N relationship of SystemUser to SystemRole. Even if each user will have a single role it's a good idea to set up the structure this way for now so your application is easier to expand in the future.