Assume you have 300 namespaces. You cannot define RBAC for each namespace.
Far too complex and the size for ClusterPermission object might become too high

A ACM Policy can handle this very well but the challenge it how to bring this into UI

We do this (label or regex based selection with Policies)

Other example see here:
https://github.com/openshift/rbac-permissions-operator

Epic Goal

...

configure namespaces via regex

Why is this important?

...

hard to configure (impossible complex env!)

Alternative:

We say customer needs ACM Policy for complex scenarios and has no UI support

Scenarios

...

Acceptance Criteria

...

Dependencies (internal and external)

1. ...

Previous Work (Optional):

1. ...

Open questions:

1. …
   complexity

Done Checklist

• CI - CI is running, tests are automated and merged.
• Release Enablement <link to Feature Enablement Presentation>
• DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
  Issue>
• DEV - Upstream documentation merged: <link to meaningful PR or GitHub
  Issue>
• DEV - Downstream build attached to advisory: <link to errata>
• QE - Test plans in Polarion: <link or reference to Polarion>
• QE - Automated tests merged: <link or reference to automated tests>
• DOC - Doc issue opened with a completed template. Separate doc issue
  opened for any deprecation, removal, or any current known
  issue/troubleshooting removal from the doc, if applicable.
• Considerations were made for Extended Update Support (EUS)