Like jsolb says, you would probably be better off using only one SSID and setting the user role directly.
If you have your users in the internal database, you can do this by setting the "Role" parameter for that user.
If you have users in an external server, you can do the same by making a server rule and making the server return what role the user should have with for example filter-id which is a common parameter for this usage.
Also, just to add to jsolb's answer; if you still wants to do role derivation based on essid, you can also do this by creating a user rule. You can make a user rule to set a role or a vlan based on what essid the user is connected to.