For our use-case we need to restrict all users who are not part of given group(s) from having write access to global Spinnaker items.
I am familiar with the process of setting RBAC to specific application, accounts, etc., however in this case we are looking for a way to set RBAC for the default access. Several examples are:
- Only users from specific groups can create new applications
- Only users from specific groups can create/update global pipeline templates
Is there a way to achieve this?