Make sure the manager has access to all the distribution groups.
Create an association between the distribution group and the userrole entity taht can be set by the manger and read by other roles.
Allow the manager to set the association for the distribution groups and in the security of the distribution entity make sure the xpath for a role is set to the association set by the manager.
As you are basing this on a role this will never become fully flexible as a solution in the runtime, but when you link a user to a record in an entity (e.g. group) and set the entity access xpath to use this entity for the roles that can access the distribution group, then you can setup a more flexible model as the group entity is under control in the runtime and does not depend on the design time availability of roles.