Improve authorization

We have authentication using OIDC. We also have some basic authorization. However, I believe that has the be improved:

* [ ] Some resource level access control (ACL, RBAC, …)
* [ ] More fine grained access control for operations on a global level