The current RBAC implementation does not provide any information about the reason for an unauthorized decision, simply a "Permission denied" message.

This should be reworked such that constraints can provide more information thus helping the user to understand the reason an action is not authorized.