group the $mainrole related stuff together, check the permission after getting information on the role