As far as I understand, the Autorities received upon login (whichever way they're provided - LDAP, OIDC, SAML, etc. ) should be automatically mapped to Global roles.
This works with Matrix based security and I think this mapping is what is expected.

You can create the Roles and assign permission so that when user log in, mapping their Autorities to Global roles by name will provide permission to users.

It actually works with the autority "admin". User's that have this autority automatically receive Administer/Overall permission, but doesn't for other autorities.