why do you need to differentiate assigned roles? what permission check are you trying to make?