Currently the manager and user roles are defined within the
securit.drl file and are hard-coded into oxTrust. So updating this would require some significant work.
Of note, however, is that we are in the process of scoping a major overhaul to oxTrust where we would expose APIs for everything.
In addition to improving functionality, this would make enforcing access policies in oxTrust much more flexible.
We are scoping this enhancement for Gluu Server 3.2.0, which would be available sometime in the first half of 2018.
If you want to discuss further, feel free to email me at will[at]gluu.org.