As per my understanding user derived role are assigned prior to the authentication. once user authenticated its role is overruled by default role or system assigned role.
If this is right, then please do let me know is there any way to assigned user derived role after authentication?? i know it can be done by system role but what if we are not using 802.1X???