Permission control through roles would be great. Supporting the same roles as ghost would be great here:

• Admin: can administrate all parts of the blog and add users
  • not necessary to have an interface for adding users in the first version
• Editor: a user who has can manage and publish posts, including the posts of other users.
• Author: a user who can only publish and manage their own posts.

This can be enforced by storing a .netlify-cms.yml file with role permissions in the git repo and reject/permit commits through a git hook that reads this yml file.