Which sense does it make that a user is being able to create roles at runtime but not assigning permissions to these roles at runtime?
You can use the Radzen Security API to check for role membership at runtime.
But the "IsInRole" method does only make sense if I (the developer) know the name of the role? In addition to that I as a developer have to determine what a role can do and can't do. Therefore I ask again, why does it make sense to allow a user do create new roles without having the capability to determine what this role is allowed to do?
It seems that you need a security solution which Radzen does not offer out of the box. You should develop a custom implementation that does not use Radzen.
Yes that's quite clear that I've to implement that but I still ask myself what's the whole purpose for enabling a user to create roles at runtime when the developer has to determine what this role is allowed to do? Then the developer can also define the role.