Feature Request
Resolution: Unresolved
1. Proposed title of this feature request
2. What is the nature and description of the request?
3. Why does the customer need this? (List the business requirements here)
4. List any affected packages or components.
ACS currently has visibility into Kube RBAC (Users, Groups, Roles, ClusterRoles, RoleBindings, ClusterRoleBindings) and can show all details of allowed API verbs, resources, etc.
ACS currently has deploy policy criteria for Service Accounts and elevated permissions for SAs, and runtime policy for API verbs on named resources.
The proposal is to extend the current feature set to include recommendations for proper RBAC, and warnings of over-privileged users, based on actual (audit log) usage of verbs and resources for a given user.
(This project has an example of what's possible: https://github.com/liggitt/audit2rbac)
From a security perspective, I would like to know when my users, groups, and service accounts have access to Kubernetes verbs and resources that I don't need. Excess permissions for access to objects allow users or an attacker to disregard security rules and access sensitive Kubernetes objects.
- is incorporated by: ROX-29858 RHACS should have a recommendation engine for Kube RBAC (New)
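A sketch of the comparison the request describes, granted RBAC rules against verbs and resources actually seen in the audit log. This is an added example, not code from ACS or audit2rbac; the subjects, rules and audit events are constructed, and `GRANTED`, `_event`, `observed_usage` and `review` are hypothetical names.

```python
import json
from collections import defaultdict

SA = "system:serviceaccount:shop:cart"  # constructed subject names and rules
GRANTED = {  # PolicyRules per subject, flattened from (Cluster)RoleBindings
    SA: [{"apiGroups": [""], "resources": ["configmaps", "secrets"],
          "verbs": ["get", "list", "delete"]}],
    "alice": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
}

def _event(user, verb, resource, code, group=""):
    """Build one constructed audit.k8s.io/v1 event as a JSON line."""
    return json.dumps({"stage": "ResponseComplete", "user": {"username": user},
                       "verb": verb, "responseStatus": {"code": code},
                       "objectRef": {"apiGroup": group, "resource": resource}})

AUDIT_LOG = "\n".join([
    _event(SA, "get", "configmaps", 200),
    _event(SA, "list", "configmaps", 200),
    _event(SA, "create", "pods", 403),  # denied request
    _event("alice", "list", "deployments", 200, "apps"),
])

def observed_usage(log_text):
    """Return {username: {(apiGroup, resource, verb)}} for authorized requests."""
    used = defaultdict(set)
    for line in filter(str.strip, log_text.splitlines()):
        ev = json.loads(line)
        ref, code = ev.get("objectRef"), ev.get("responseStatus", {}).get("code")
        # Skip other stages, non-resource URLs, and 403s (permission not held).
        if ev.get("stage") != "ResponseComplete" or not ref or code == 403:
            continue
        used[ev["user"]["username"]].add(
            (ref.get("apiGroup", ""), ref["resource"], ev["verb"]))
    return used

def review(granted, used):
    """Per subject: wildcard flag, granted-but-unused tuples, observed tuples."""
    report = {}
    for subject, rules in granted.items():
        wild = [r for r in rules if "*" in r["apiGroups"] + r["resources"] + r["verbs"]]
        explicit = {(g, res, v) for r in rules if r not in wild for g in r["apiGroups"]
                    for res in r["resources"] for v in r["verbs"]}
        seen = used.get(subject, set())
        report[subject] = {"wildcard": bool(wild), "unused": sorted(explicit - seen),
                           "recommended": sorted(seen)}
    return report

print(json.dumps(review(GRANTED, observed_usage(AUDIT_LOG)), indent=2))
```

The `unused` list is only as reliable as the audit window: a permission exercised once a quarter looks unused in a week of logs, so recommendations need a retention period that covers the workload's full cycle.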