Don, I'm not suggesting creating roles. I was just pointing out that roles are something that is handled implicitly by the UI. That actually makes roles very flexible. A nice way of assigning a role is to create a rel_segment. You don't even necessarily need to add privileges to the rel_segment, simple membership can be enough to assign a role in certain situations since the UI is doing the work.
