Open
Labels
enhancement (New feature or request), triage (This issue requires triaging)
Description
Feature Description
Add a role which grants no access to anything so that it may be set as a default for the JIT provisioner.
Are you intending to implement this feature?
No
Current Behavior
JIT role provisioning uses a default role which it grants to all users who attempt to authenticate but do not have a relevant role claim/assertion. All existing roles grant read access to the graph at minimum. This is not desirable in situations where unauthorized users have network access to the BHCE instance.
Desired Behavior
Have a no-privilege role (or special option) to not grant any privileges to users who do not have relevant authorization.
Use Case
The purpose would be to have a safe deployment of JIT user and role provisioning in environments in which most people (John from accounting) are not expected to be legitimate BHCE users.