We could rename the privilege "CREATE SUBOBJECTS" ...
I think we're splitting semantic hairs here ... do roles have to be explicitly modeled in the datamodel to be implemented in the toolkit, or is a standard UI and API sufficient?
Are you suggesting we add a separate role facility in addition to permissions? I'm cold to that idea because the permissions systems is flexible enough to provide the foundation for a role facility via API and UI and does much more, and I don't like having parallel mechanisms for accomplishing the same thing.