If you want.
If you want.
Or, you can use existing permissions.
Or, you can create permissions matching (by name) the roles you’re using.
See the discussion at What is the purpose of Permissions?
Keep in mind that a 'Permission' is just an arbitrary name. There really isn’t anything special about what it’s called, when you’re using them in your own views. The Permission itself does not grant authorization to do anything. It’s up to the views to apply the semantics for those permissions.
(The Django admin does rely upon the names of the Permissions for its authorization tests - but that does not mean that you need to apply the same meanings.)
Another way to think about this is that the authorization facilities form the basis for the implementation of a Role-based security system, where Groups are the Roles, and Permissions are the names of the rights being granted to those Roles.