Instead of jscript to inspect roles, change how you approach this so that you change the role ownership to a person or security team that is at a higher business unit level than all the other users. We use this approach extensively to keep records open that some people in the company can still update, but not the sales people. A sys admin is at the highest business unit level typically – so you would be able to edit it. As long as your reps are in a lower business unit level you can control record edit rights in this manner without resorting to exotics.
If you've found this thread useful, dive deeper into User Group community content by role