Matching permissions in Istio AuthorizationPolicy

Service permissions (specified in an Authorization Policy per Service) define one or more specific required permissions for an endpoint, e.g. “group1.alarms.read.read”

Can User/Group permissions assigned to a user within their JWT token, define one or more generalized permissions, e.g. “group1.*.*.*”. ??

Thanks.