I believe your best bet is to use the Authorization Group and, for the roles, the Authorization ObjectI_BEGRP in conjunction with your Equipment Category (placing the burden on data maintenance and consistency)
- or -
see if you can have a custom check programmed in the exit IWO10033Customer-Specific Authorization Check Maint./Service Order
See: