I find creating role policies as cumbersome. Also, how is the admin
supposed to know if a policy with a specific role has already been
created or not? Maybe policies can have DENY and PERMIT role lists.
when creating permissions you can just pick roles to add/remove to the
permission. I think the most used, most common case (90% of the time?)
will be assigning role permissions to resources so we should make it as
easy as possible. Both within the admin UI and APIs. Thoughts?
Bill