Release : 16.0

Component : ACF2 for z/OS

https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-acf2-for-z-os/16-0/installing/configure-z-os-management-facility-for-ca-acf2.html

Although the documentation and the sample jcl all reference ROLE based security, it is not a REQUIREMENT.
If you do not want to write roleset rules, you can convert them to UID rulesets.

for example..
SET RESOURCE(ZMC)                                                
RECKEY IZUDFLT ADD(ZOSMF.RESOURCE_POOL.WLM.IYU0 ROLE(IYU0RPAW) - 
SERVICE(READ) ALLOW)        

the TYPE(ZMC) rule can be created as a uid ruleset  after ascertaining which users
would be included  in ROLE IYU0RPAW.
if that would be user01, user02 and user03 the rule could be written as

SET RESOURCE(ZMC)                                                
RECKEY IZUDFLT ADD(ZOSMF.RESOURCE_POOL.WLM.IYU0 UID(<user01>) - 
SERVICE(READ) ALLOW)         

RECKEY IZUDFLT ADD(ZOSMF.RESOURCE_POOL.WLM.IYU0 UID(<user02>) - 
SERVICE(READ) ALLOW)

RECKEY IZUDFLT ADD(ZOSMF.RESOURCE_POOL.WLM.IYU0 UID(<user03>) - 
SERVICE(READ) ALLOW)
END
                             

What you would need to do is assign all users that would be associated with each group/role and then change
the rules to be UIDs instead of specifying the role.

I believe that cloud is required for v2r3 or above.
I would suggest that you start with member ACFMFSEC in CAX1JCL0
and then you can add other components as required.