Create role Programmatically in superset 

Our org has the need to create a power user and read-only role that is different than default roles like gamma and alpha. How do we modify the custom security manager code to create a new type of role, assign permissions and put the user in that role upon the user's first time logging into Superset? We are also using SSO with Keycloak. 