Thank you for your reply @texnixe and for your suggestions for 3 and 5! I will try those. It would be great to see the ability to load different blueprints per role in the future 
I have followed the guide and also checked the docs. Unfortunately even after that I still had the above questions.
Regarding (1):
According to the guide, setting permissions->access->site to false should “prevent the editor […] from updating the site settings”. However, it seems to completley disallow the Editor’s to login. Edit: This seems to be a problem when using XAMPP on Windows, but works fine on a linux server.
Setting permissions->site to false on the other hand doesn’t seem to do anything. Edit: This also doesn’t do anything on linux.
Regarding (2):
Appologies, I actually had them indented correctly in my code, but wrong format in my initial post. I’ve updated my initial post now.
The *: false seems to cause a problem here so that no user can login to the panel when it’s set. Removing it in the above blueprint allows to login. With *:false set, on the login page, the POST request to /api/auth/login returns the following error:
{
"status":"error",
"exception":"Kirby\\Exception\\InvalidArgumentException",
"message":"Invalid email or password",
"key":"0",
"file":"PATH_TO_KIRBY\\kirby\\config\\api\\routes\\auth.php",
"line":50,
"details":[],
"code":400
}
Using the same username/password combination without the *: false works.
Regarding (4):
This seems to disallow login as well, with the same error message as above. It’s also not documented in the docs.
Basically, what I want Editors to have access to the panel, but only to certain pages as well as to change their own profile information. Maybe I’m thinking too complicated to achieve this?!
Cheers,
Frederik