@simos stated that there are no free RBAC service implementations available (as far as he knows). There might be a free plan for Canonical RBAC covering a limited number of machines using https://landscape.canonical.com. However, the image server and associated RBAC service should be self-hostable without depending on a third party.
Might RBAC be overdo since it offers control of a much wider variety of capabilities that aren’t used/required?