[Catalyst] Group roles?

[Paul Makepeace]

I'd like to add some notion of group roles to an app and am not 100%
clear how best to do it with Catalyst::Plugin::Authorization::Roles.
Here's the setup: we have a ServiceProfile which is effectively a
client contract and under that there are a number of client users
(e.g. a bunch of people at Company X we do business with). I'd like to
represent some role where all the folks at Company X which has a
contract with Supplier Y can Do Stuff. So I could say
$c->check_user_roles($user->service_profile,
qw[can_access_supplier_y_data]);

This feels a bit like a user role but where the 'user' here is the
ServiceProfile and the roles are then defined on that 'user'.

What I'm not clear on is that C:P:Authz::Roles seems to only admit one
set off backends and refers to that as the default_auth_store.

__PACKAGE__->config->{authorization}->{dbic} = {
	role_class           => 'DBIC_Readonly::Role',
	role_field           => 'role',
	role_rel             => 'map_user_role',
	user_role_user_field => 'user',
        # Then I'd guess something like these fictional fields,
	group_role_user_field => 'service_profile',
	group_role_rel             => 'map_service_profile_role',

};

Any suggestions/cookbook ideas?

Thanks,
P