Allow role checks on plans / apbs (what role should could roles play)

[maleck13]

Feature:

It would be useful to be able to specify a role a user must have in order to provision a plan.

This is associated with the shared services spike so very much early thought process

Example usecase:

I have two plans as part of a service:

1. Provision Shared service (ie provision a full running service with all the pods etc)
2. Provision Slice of the shared service (ie just provision a service instance, the apb just set you up as a tenant)

I may want only users with the role shared-service-provisoner to be able to provision the shared service plan
While I may want to allow any user with the edit role to be able to provision a slice of that service.
I am still exploring the idea of two separate APBs so it may also be useful to have a role to check specified for the entire APB?

This is associated with the shared services spike so very much early thought process.

I am not aware of any way the service catalog itself could handle this as it would require all brokers to know about roles in the platform. So it seems like it belongs in the broker, but again open to debate on it.

[maleck13]

#979

[maleck13]

closing as this is solved by namespace level brokers