If its relevant, and possible, why reinvent the wheel? If the biz logic is for an administrative interface (and not related to app biz logic), consider using ready made GUI interfaces to control your auth items assignments. I use RBAM and happy about it.
You assign roles to users with either the API method for it (which I never used and don’t recall its name). You do not need to do this assignment of a role to a user over and over. After you assign the role to the user you can manipulate the ‘auth items’ (operations) that are included in that role, and that will be effective immediately across the system.
When new user comes along and require the same permissions you simply assign the relevant role to him/her as well.