[keycloak-dev] [authz] Roles as first class citizens

[Bill Burke]

I find creating role policies as cumbersome.  Also, how is the admin 
supposed to know if a policy with a specific role has already been 
created or not?  Maybe policies can have DENY and PERMIT role lists.  
when creating permissions you can just pick roles to add/remove to the 
permission.  I think the most used, most common case (90% of the time?) 
will be assigning role permissions to resources so we should make it as 
easy as possible.  Both within the admin UI and APIs.  Thoughts?

Bill