In the environments with many compliance controls in place it is safer to have only one way to manage RBAC: via user groups. So it would be very convenient to have a feature flag which disables platform functionality to assign roles and resource groups to individual users.