UserRole module access restriction on a management page

Hello everybody!    I'm working on a project where we have different UserRoles according to the company sector.    In the domain model we have an entity called Distribution Group that has Id and Name as attributes.    One of Name's attributes would be IT and another would be Electronics, among others.    Let's assume that a UserRole module, called Posto 7, only has access to information technology.    I know that I can restrict in an Xpath or in a microflow, but I need this restriction to be made by the company manager, in an administrative page, as new access rules may arise.    How can I build this page for the manager to select restrictions outside the code, just by the manager page?        Thanks in advance for the help.
1 answers

Make sure the manager has access to all the distribution groups. 

Create an association between the distribution group and the userrole entity taht can be set by the manger and read by other roles.

Allow the manager to set the association for the distribution groups and in the security of the distribution entity make sure the xpath for a role is set to the association set by the manager.

As you are basing this on a role this will never become fully flexible as a solution in the runtime, but when you link a user to a record in an entity (e.g. group) and set the entity access xpath to use this entity for the roles that can access the distribution group, then you can setup a more flexible model as the group entity is under control in the runtime and does not depend on the design time availability of roles.