Due to technical limitations limiting how this experience could be designed, I had to work closely with the dev team. Working directly with the dev manager, we communicated on a daily basis over meetings, slacks, and emails to ensure what was designed could be built that created the best experience for users.
After careful consideration and exploring all of our options, we decided to move forward listing all the different phone numbers connected to each T-Mobile ID and update them all to the highest user role whenever a change is made. Therefore, it acts like the T-Mobile ID is what decides the user role even though technically the user roles are still connected to the phone numbers.
To help explain this visually. Let's say John Doe has a T-Mobile ID that has three MSISDNs connected to it.
John Doe's T-Mobile ID -
(555) 555 5555 - Authorized User
(521) 565 7896 - Standard User
(435) 132 6842 -Restricted User
In this scenario even though those three MSISDNs have 3 different user roles, they'll all have the highest user role attached to the T-Mobile ID, which is Authorized User in this scenario when they log in. It gives the facade that the user role is connected to the T-Mobile ID.