Gotcha! What kind of flow do you have in mind?
(1) User logs in
(2) Rules kick in
(3) Roles are added to the access token
(4) Permissions are added automatically to the token based on the roles from (3)
I think what you are saying is that when the roles are added programmatically, the RBAC feature of including the permissions associated with each role does not kick in, correct?