Mendix application roles and module roles are defined in the model and (for safety) not editable in runtime.
In runtime you can allow users to assign predefined roles to other users. https://www.mendix.com/evaluation-guide/enterprise-capabilities/security-model
Another option is to use multi tenancy, but be careful: it can be tricky. https://docs.mendix.com/howto/security/set-up-your-first-multi-tenant-app