Add User limited to specific roles


Following situation: We want to build a role system which is in a sense hierarchical:

Administrator: can create "Supervisor" accounts ...
Supervisor: can create "Create" accounts ...
Create: Can create posts ...
User: can only read

So right now we have a White Label Plugin installed ( including a Role Manager which can do:
- Set permissions per Role
- Create new roles
- Create new permissions

Only problem we are having now is:
We can allow roles to "creater user", and "set user role", but then it's not restricted. So a "Supervisor" can create other supervisors, which he is not supposed to be able to.

Any ideas how to achieve this with minimum effort?

One Idea would be to write a plugin where you can map roles to other roles and then have a custom "add user page" which reads the options of the plugin, but maybe there is an out of the box solution I oversaw oder maybe a plugin like that exists? I didn't find one...

Thanks for your help!