Allow only users in specific group to have default write permissions


For our use-case we need to restrict all users who are not part of given group(s) from having write access to global Spinnaker items.

I am familiar with the process of setting RBAC to specific application, accounts, etc., however in this case we are looking for a way to set RBAC for the default access. Several examples are:

  • Only users from specific groups can create new applications
  • Only users from specific groups can create/update global pipeline templates

Is there a way to achieve this?

thank you