Custom SPI manipulation of fine grained management permissions

I’m trying to create a custom SPI that creates a pattern of roles and groups based on input parameters in a request. That part works fine.

The part I can’t get to work is creating fine grained permissions on the groups I just created to give members of one of the groups rights to manage the membership of the newly created groups.

I can see how to do that in the admin console, but I can’t see how to programmatically do that inside my custom SPI. Is there documentation or examples somewhere (even test code) I can use to figure out how to do this?

I could use the REST API that the admin UI uses, but my SPI is already executing inside the server and I don’t want to have to make REST calls out and back into the server. The roles and groups I create in the SPI are also in a transaction so until that transaction completes they wouldn’t exist for a call out to the admin REST API anyway.

Has anyone done anything like this before, or have any advice or pointers?

I found a way to do what I needed and answered it on this other thread hoping to help others…