When a request is denied the reply back is:
HTTP 403
RBAC: access denied
Is there any way of customising this error to have a different status code and reply body?
It is currently not possible with Istio API, however there is a feature request for that on Github.
There is also a workaround using an envoy filter to customize that response.
Note, however, that Envoy filters are low-level constructs compared to Istio API and Istio doc says:
This feature must be used with care, as incorrect configurations could potentially destabilize the entire mesh.