What type of authentication do you use? Is this a pre-shared key, captive portal or do you have authentication via RADIUS?
If you use a pre-shared key, you will have to derive a role based on MAC address or device type (DHCP fingerprint).
If it is a user-authenticated SSID (captive portal or RADIUS), then you can apply different roles based on the user ID. You will need to add a server rule that looks at the RADIUS response or the internal DB user role.
See the Validated Reference Guides (VRDs) at http://www.arubanetworks.com/technology/reference-design-guides/ for more info. There is a good VRD on DHCP fingerprinting, guest access (if you are using a captive portal) and RADIUS setup (in the Mobility Controllers VRD).