Question about User roles and permissions

Hi all,

I'm building an app which has Client and User models and a many to many relationship exists between them. I'm also using Spatie Roles and Permissions for defining my roles and permissions.

I'm going to have a Role of Client Admin and a User with this role should only able to manage the users who also belong to the same Client that they do. I do have a more general top level Administrator role who has a permission which is manage users but I specifically only want Client Admin users to be able to manage their own Users, rather than ALL users.

So I'm thinking that for this a new permission that is something like manage client users which I give to both the Client Admin and Administrator Roles - is this the best approach do we think or am I missing something more obvious?

Thanks in advance