Managing users playbook -- could use a clever idea

[Rishi]

I have a role that manages my users on my boxes, problem I am having is I have two tasks that modify the "groups" properties of users. This is obviously stupid since they keep changing each other, giving my false change notifications when I run ansible.

I have separate global/group/host vars that are just a list of usernames that get "sudo" access on a box which is why I currently separate it out into a separate task.

Anyone have an idea on how to merge theses? I was thinking of using set_fact to build the list of groups first and then running the user module once. I couldn't figure out if set_fact supports a "when" clause though.

- name: manage user groups
  user:
    name: '{{ item.name }}'
    state: '{{ item.state | default("present") }}'
    groups: '{{ item.groups | join(",") }}'
    append: '{{ item.append | default("no") }}'
  with_flattened:
    - users_global_list
    - users_group_list
    - users_host_list
  when: ((item.name is defined and item.name) and (item.groups is defined and item.groups))

- name: manage admins
  user:
    name: '{{ item.name }}'
    state: '{{ item.state | default("present") }}'
    groups: '{{ users_default_admin_group }}'
    append: 'yes'
  with_flattened:
    - users_global_list
    - users_group_list
    - users_host_list
  when: ((item.name is defined and item.name) and
         (item.name in users_global_admins or
          item.name in users_group_admins or
          item.name in users_host_admins))