Managing special roles

Hi all,

I have a web-app configured with spring security which gets users and roles from an ldap tree.

I have a dn ou=User,dc=application for users and, for role, ou=Groups,dc=application .

Every role is an entry in the second subtree and the association is made by attribute member in role entry.

Actually i have 5 different role access (ROLE_A, ROLE_B, ROLE_C, ROLE_D, ROLE_E) : every role gives grant to access to a specific url. Every role are independent.

Role subtree schema (very simple and incomplete)

ou=Groups,dc=application .
--cn=A
--cn=B
--cn=C
--cn=D
--cn=E


Now I have to satisfy a request to insert 3 new roles (ROLE_F, ROLE_G, ROLE_H) that can be assigned following a fixed schema :
- ROLE_F can be assigned only if user is in role to ROLE_B, ROLE_D,
- ROLE_G can be assigned only if user is in role ROLE_C or ROLE_E
- ROLE_H can be assigned only if user is in role ROLE_A or ROLE_B

Which is the best pratice to manage these 3 new roles? Shall I consider them as independent and managed dependency in application or what else?

Thanks