Automate roles & group (access control) configuration on initial install

I see the AQL tool has a --file=/path/to/ddl option. Is this the recommended mechanism for automating access control (user, group) configuration on initial deployment? Is there a way to drop this file in a specific location on disk instead of using the AQL tool? Looking for best practices for automating access control.

© 2015 Copyright Aerospike, Inc. | All rights reserved. Creators of the Aerospike Database.