LDAP/AD/... : Automatically assign device/group/etc permissions during (first?) login

Currently it seems that after a user logs in the first time, we need to manually assign them what devices, device groups, etc they have access to. It would be nice if we could configure this to be done automatically, such that for example anyone with the group ‘role-qa’ would automatically be able to see anything to do with anything in the ‘qa servers’ device group.

While building a UI for this might be a bit more work, it seems like it would be fairly straightforward to do it from config.php, something like:

$config['auth_group_autoassign'] = [
    'role-qa' => [
        'devices' => [
        'device_groups' => [
        'interfaces' => ...
        'bills' => ...

Then every time a user logs in for the first time (or possibly every time?), a bit of code checks that array and makes the necessary assignments.

This would save us having to wait for a user to login first, then go in and manually add permissions afterwards.

Naturally, doing this from the web UI would be more ideal, but would require more effort to implement since that would require a new view, etc, versus just the logic implementation.