The problem is if you do it via user permissions you could end up with dozens of users with all sorts of odd permissions. If you create a group with the permissions you want all you have to do is drop the offender in to the group. Note, they MUST stay part of the registered user group at all times but can be members of multiple groups. Once he’s served his time simply remove him from the new group and he’s back to scratch.
"The more connected we get the more alone we become" - Kyle Broflovski