(Module based) Access rights in a multi-tenant Solution

So we are developing a multi-tenant solution and we want to be able to sell different packages, like: Small, Medium, Large. The challange now is to be able to model/configure the application so that at runtime we can configure what part of the application can be used by a certain customer. For example: We have 5 modules, module 1 to module 5. The Small package only gives rights to use module 1, the Medium package allows a costumer to use module 1, 2 and 3 and the Large pagackage is allowed to use all modules. When a user of a Medium costumer logs in, he is only allowed to use the modules 1 to 3. Currently we are thinking about creating a user role per module and have them dynamically added to a user, based on the package he is allowed to use. So when a user of a Medium package logs in. We check to see that he belongs to a Medium package and set/add the user roles for module 1 to 3. We are interested to see how others have solved this problem and/or if using userroles for this will have a (major) impact on performance. (How many userroles can we assign to a user, before it will have a significant impact on performance)
1 answers

I have done this as you described and it is a correct way to do it. No performances issues met.

As a hint you can make an extra entity (MyRoles) to control the visibility, language and assignability of the roles.

Edit: About customization. Images per customer are in the model. So every client has its own logo. The forms are translated by Mendix, works perfect.

User definable data like categories, departments etc are translated with separate entities, xpath constraint over the user_language association, etc, etc. Too much for now, but if you need more information, contact me.