Sounds like a good plan. I like the idea of a nightly build, too. We don’t currently have anything but the production PSU instance but I’ve been mulling over the thought standing up a dev/test environment.
Just to report back, everything works fine now 
Only thing I noticed is: Users are either Policy Defined OR have an explicit role.
Once they get an explicit role assigned, they no longer get anything via policies.
So you either assign a user all required roles explicitly or you do this solely via policies/role scripts. Hybrid will not work. Thats fine for me, just a thing one should know.
1 Like