https://authzed.com/blog/user-defined-roles/ --> when a user has a role in the context of a group (similar to group : https://authzed.com/blog/build-you-a-google-groups/) then only they should be able to do certain action on a resource (resource associated with a group). Different user can have different role in the same group. The roles can be associated with a group is also user defined. How to approach this?