A best practice would be to establish those rules in a non-prod environment, then ship the rules as CRDs to the production cluster for any groups you choose.