What is the nature and description of the request?

Currently, ACS authz is built around roles, permission sets, and access scopes. All these resources can be manipulated both via UI and API. However,

1. GitOps-style configuration is not supported out-of-the-box yet.
2. No automatic role mapping for LDAP/AD is possible.

Why does the customer need this?

Simpler bootstrapping of ACS using existing organizational identities and roles.

ablock@redhat.com and Customer F: "They wanted to roll this via Git as the source of truth. Being able to describe [authn and authz] configurations in a declarative approach at this point is almost a must"

plewyllie and Customer A: "They would like to also give granular access to ACS to different roles. Currently, in OCP they use LDAP-Sync to achieve that, and feel something similar should exist in ACS. Now, they have to input this manually in the ACS UI which is not scalable with 100s of users." This is the only blocker for an ongoing PoC.

rbaumgar and Customer B: "ACS users are a member of a group (within LDAP/AD) with a name, say, ACS-<namespace>-analayst. The result should be that the users have access to the specified <namespace> with the role analyst."

List any affected packages or components.

Central authorization, UI, installation methods (helm, operator, etc).