Expand personas to provide a more granular experience for diverse teams / user / environments with a tenant
RBAC is quite limited when expanding across multiple teams and apps, since it is cumulative. Potentially expanding personas to allow for targeted usage will provide granularity in being able to select what a user can do.
Take a simple application that has a Dev / Test / Stage / Prod environment in a single AWS cloud. From what we’ve seen, relying on RBAC alone does not give the granular selections to segment the users from accessing only a defined scope (i.e. an environment). Sure, groups can help, but not fully.
Now add a second application to the mix. And add another 2 users to the mix. Now, one of those users you want to be an “Admin” for both the applications and environments (Dev/Test/Stage/Prod) - Easy. Take another user and you want them to be the admin of one app but only for Dev/Test. The third user you want to be the admin of Stage / Prod. We have not been able to find a way to get this granular level of permissions. It's all or nothing.
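The three-user scenario above, modelled as an added example (not the product's own code or API) that compares a cumulative tenant-wide role check with a check scoped by application and environment. The names `user1` to `user3`, `app1`, `app2` and the `Binding` structure are hypothetical, and the third user's Stage/Prod admin is assumed to cover both applications, since the post does not say.

```python
from dataclasses import dataclass

ENVS = ("dev", "test", "stage", "prod")
APPS = ("app1", "app2")  # hypothetical application names


@dataclass(frozen=True)
class Binding:
    """A role grant plus the scope it is meant to cover (hypothetical model)."""
    user: str
    role: str
    apps: frozenset
    envs: frozenset


# Constructed sample grants matching the three users in the post.
BINDINGS = [
    Binding("user1", "admin", frozenset(APPS), frozenset(ENVS)),
    Binding("user2", "admin", frozenset({"app1"}), frozenset({"dev", "test"})),
    Binding("user3", "admin", frozenset(APPS), frozenset({"stage", "prod"})),
]


def cumulative_allows(bindings, user, role, app, env):
    """Tenant-wide RBAC: holding the role anywhere grants it everywhere,
    so the requested app and env are never consulted."""
    return any(b.user == user and b.role == role for b in bindings)


def scoped_allows(bindings, user, role, app, env):
    """Scoped check: the grant must also cover the requested app and env.
    With no matching binding the answer is False (deny by default)."""
    return any(
        b.user == user and b.role == role and app in b.apps and env in b.envs
        for b in bindings
    )


def access_matrix(check, user, role="admin"):
    """Every (app, env) pair where `check` lets `user` act as `role`."""
    return {
        (app, env)
        for app in APPS
        for env in ENVS
        if check(BINDINGS, user, role, app, env)
    }


if __name__ == "__main__":
    for user in ("user1", "user2", "user3"):
        print(user, "cumulative:", sorted(access_matrix(cumulative_allows, user)))
        print(user, "scoped:    ", sorted(access_matrix(scoped_allows, user)))
```

Under the cumulative check all three users end up with admin on every application and environment, which is the all-or-nothing result the post describes; the scoped check confines the second and third users to their intended pairs.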