It's quite easy to limit who can authenticate to the API server. For instance, if using GitHub as an identity provider, it's easy to limit access to users who are members of particular GitHub org(s).
In cases where you know everyone coming through the door is welcome, it's a pain for admins to have to explicitly grant read-only access to new users.
What would be good is an install-time option for new users to automatically receive read-only permissions on first login.
It's quite easy to limit who can authenticate to the API server. For instance, if using GitHub as an identity provider, it's easy to limit access to users who are members of particular GitHub org(s).
In cases where you know everyone coming through the door is welcome, it's a pain for admins to have to explicitly grant read-only access to new users.
What would be good is an install-time option for new users to automatically receive read-only permissions on first login.