Specify exact role in content permissions rule

Rather than just be able to specify This Role allow to specify a named role.

I want to be able to have content created by the API assigned to a role, then be able to allow other roles/users to edit view that content only - right now i cannot do this…

for example

API creates content as Tenant1APIRole

Then i have other roles

Tenant1Viewer - view all content created by Tenant1APIRole
Tenant1Editor - derive from Tenant1Viewer + Edit