Treats host in a manner equivalent to profiles and socket binding groups for RBAC server group scoped roles. Difference is the mapping comes from the /host =/server-config= resources' "group" attributes instead of from /server-group=* resources' profile and socket-binding-group resources.

If all servers on a given host are members of server groups accessible to a server group scoped role, then all resources on that host are accessible. If no server-config is defined on a given host, then it is accessible to all server group scoped roles.