The RHACS m2m token exchange engine allows the use of regular expressions in the value filter for role attribution (for example: system:serviceaccount:.*:roxctl-sa would match service account roxctl-sa in all namespaces).

It would be good to ensure that this flexibility of configuration were mentioned in the RHACS product documentation.