Define new authorization types that extend the WorkItem type. For example, define the RoleApproval type.
Define new capabilities that have rights on the new authorization types rather than WorkItem itself. For example, define a Role Approver capability that has rights on the RoleApproval type.
Assign the Role Approver capability to an administrator rather than the general Approver capability
Set appropriate authorization types in each manual action in your workflows.