var securityRoot =
Person c =
p.Id = Guid.NewGuid();
You are right that our managers will persist the secured object automatically. Unfortunately they can work with OA only. All the logic should be implemented by the developer in case you use other manager classes, and your own provider for storing the items. The only thing I can point you now is to our guide on permissions - you may be able to pick ideas from there - http://www.sitefinity.com/40/help/developers-guide/deep-dive-security.html
Unfortunately I am not able to answer this before I dig in this deeper - we are using an ORM and our API takes care of the relations automatically.
Is it an option for you to use the API only?