This is more of a future task, but at some point we should make sure that all security constraints are configured properly (right now we have no way of telling which resources should be, for example, sensitive). Thus QE will need something to check against. As a good example of what I mean have a look at referential document for module classification [1] - although for RBAC we would like to see something more "machine-friendly"

This should be something like listing of resources classified by default as sensitive/application/...

[1] https://docspace.corp.redhat.com/docs/DOC-105009