You can definitely model it like that - they are just strings - whatever you can do to strings you can do to claims ;)
But it would be definitely an anti-pattern. Claims describe the identity of a user - which might include coarse grained authorization information. There's a fine line here.
But for your use case you would rather implement your authorization policy in a ClaimsAuthorizationManager and use the identity claims as input to "calculate" your fine grained authorization decisions.