Why do you need a different class? The most usual approach is just have a User
class (call it something else because many DB don't like it), and each user have several Roles
or Permissions
.
That said, most probably you should not deal with this from within your application. Use the JAAS
model and let the container deal with; your only use in the application could be assigning roles to users.