Goal create Role with a rules that give narrow access to execute a specifc unpublished check.

Currently with existing RBAC I have to grant 'create' verb permissions to the full check resource.

What's needed is to extend the resource-name logic to work with the 'create' verb so that the POST to a specific check execute endpoint can be covered via role rule