Description of problem:

 RHDH provides customers the ability integrate with external services and assume data we pull in is unrestricted however, there could be RBAC in place on those external systems. We will need to provide customers the capability to replicate their policies in RHDH. 

A separate plugin certification initiative has also emerged to ensure plugins going into RHDH have RBAC support by default. We should align with these requirements as well in order to be consistent. 

Acceptance criteria: 

• RHDH's SCA and other scanners have 0 critical and high findings  
• External plugin services cannot read each others' PII and/or confidential information
• Customer documentation updated with instructions on how to configure RBAC and logging

Additional info:

Fix approach:

• Review RHDH SCA and other scanners' findings that affect your plugin
• Implement RBAC using these resources:
  • Enforce the Principle of Least Privilege
  • Maintain a Data Map
  • Perform Auth checks on REST API
• Update tests to create appropriate RBAC
• If applicable, implement audit logging 
• Update shared procedures with instructions on how to create role/binding and enable logging