Think I got this down...thanks to you Tim.
*Created one service
*Used all types of authentications I will use on this SSID
*Split the different roles/traffic via the enforcement policies, which are based on the OuterMethod
You rock man! Thanks again!