With the new API, one can now manage the access for user account, service account and group. An access rule API grants permission to a subject (user account, service account, group), and has three components: a subject, role and scope. A subject may be granted any number of roles within a scope, and their level of permission is the union of all roles they are granted.
How to use the API:
Note: