diff --git a/authorization/README.md b/authorization/README.md
new file mode 100644
index 0000000..0115044
--- /dev/null
+++ b/authorization/README.md
@@ -0,0 +1,9 @@
+# authorization
+
+> [!IMPORTANT]
+> Before adding a new group or rolebinding to the cluster, you **must** reach out to the cluster admins on Slack first (handle: `rhdh-cluster-admins`).
+
+> [!NOTE]
+> Adding your username to one of the `Group`s managed by this ArgoCD application does **not** create your username or grant access to the cluster. You must already have an internal SSO login in order for these role bindings to take effect.
+
+Membership in the `redhat-ai-dev-users` `Group` on the cluster grants cluster-wide `edit` permissions. Additional permissions can be configured via additional `Group` and `RoleBinding` resources.
\ No newline at end of file
diff --git a/authorization/kustomization.yaml b/authorization/kustomization.yaml
new file mode 100644
index 0000000..4b056e0
--- /dev/null
+++ b/authorization/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - redhat-ai-dev-edit.yaml
+ - redhat-ai-dev-edit-users.yaml
+ - redhat-ai-dev-view.yaml
+ - redhat-ai-dev-view-users.yaml
diff --git a/authorization/redhat-ai-dev-edit-users.yaml b/authorization/redhat-ai-dev-edit-users.yaml
new file mode 100644
index 0000000..4935ad7
--- /dev/null
+++ b/authorization/redhat-ai-dev-edit-users.yaml
@@ -0,0 +1,17 @@
+# This group provides cluster-wide edit access on the redhat-ai-dev team OpenShift cluster.
+# This does *not* create your user on the cluster, you **must** have an internal SSO account to log on
+kind: Group
+apiVersion: user.openshift.io/v1
+metadata:
+ name: redhat-ai-dev-edit-users
+users:
+ - bwilcock
+ - jdubrick
+ - mfaisal
+ - yangcao
+ - mvaldron
+ - tpetkos
+ - gmontero
+ - jrichter
+ - karthik
+ - eyuen
diff --git a/authorization/redhat-ai-dev-edit.yaml b/authorization/redhat-ai-dev-edit.yaml
new file mode 100644
index 0000000..432e0b6
--- /dev/null
+++ b/authorization/redhat-ai-dev-edit.yaml
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: redhat-ai-dev-edit
+subjects:
+ - kind: Group
+ apiGroup: rbac.authorization.k8s.io
+ name: redhat-ai-dev-users
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: edit
diff --git a/authorization/redhat-ai-dev-view-users.yaml b/authorization/redhat-ai-dev-view-users.yaml
new file mode 100644
index 0000000..74ef1da
--- /dev/null
+++ b/authorization/redhat-ai-dev-view-users.yaml
@@ -0,0 +1,6 @@
+# This group provides cluster-wide view access on the redhat-ai-dev team OpenShift cluster.
+# This does *not* create your user on the cluster, you **must** have an internal SSO account to log on
+kind: Group
+apiVersion: user.openshift.io/v1
+metadata:
+ name: redhat-ai-dev-view-users
\ No newline at end of file
diff --git a/authorization/redhat-ai-dev-view.yaml b/authorization/redhat-ai-dev-view.yaml
new file mode 100644
index 0000000..ec90636
--- /dev/null
+++ b/authorization/redhat-ai-dev-view.yaml
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: redhat-ai-dev-view
+subjects:
+ - kind: Group
+ apiGroup: rbac.authorization.k8s.io
+ name: redhat-ai-dev-users
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: view
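Review bot: The subject of this ClusterRoleBinding names Group `redhat-ai-dev-users`, but the Group this commit creates in `redhat-ai-dev-edit-users.yaml` is `redhat-ai-dev-edit-users`, and the `redhat-ai-dev-view.yaml` hunk binds `view` to the very same `redhat-ai-dev-users` group. As written, the ten users listed in the edit group receive no permissions unless a `redhat-ai-dev-users` group already exists outside this application, and if it does, every member of it gets both `edit` and `view` while `redhat-ai-dev-view-users` is bound to nothing. Either change the subject here to `name: redhat-ai-dev-edit-users` and the view binding's subject to `name: redhat-ai-dev-view-users`, or rename the groups and correct the README, which currently documents `redhat-ai-dev-users` as the edit group. Separately, a ClusterRoleBinding to the `edit` ClusterRole grants write access to namespaced resources, Secrets included, in every namespace on the cluster, platform namespaces among them; if members only need a known set of project namespaces, per-namespace RoleBindings to `edit` would be the least-privilege shape and worth a comment in the file either way.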