The following questions need to be addressed:
- Who is allowed to create clusterroles/roles and bindings?
- Should only one person be responsible for this, or e.g. someone for clusterroles, someone else for roles and again someone else for the respective bindings?
- Which clusterroles should there be?
- Which Roles should there be?
- Which naming convention makes sense?
- What is not covered by RBAC?
- How are elements not covered by RBAC handled?