The "Access Management" section of the Teleport web UI should be automatically hidden if you have no permissions to perform any admin actions inside the cluster.
Removing all permissions from a user still shows the Access Management section of the UI, with two active subheadings:
Enroll new resource
It is pointless to show this section to users when they have no permission for any of the resource adding flows.
Access lists
This page even tells you the reason why you can't see access lists, but then still shows them.
Modifying the web UI's ACLs so that these sections are not shown without appropriate permissions (or can at least be hidden by adding deny rules for specific RBAC resources) will help to make the UI less confusing for non-administrative users.
This is working as intended. Hiding sections of the UI is available to enterprise customers who meet certain requirements, the details of which are not appropriate in the OSS issue tracker.
Expected behavior
The "Access Management" section of the Teleport web UI should be automatically hidden if you have no permissions to perform any admin actions inside the cluster.
As shown by the popularity of this discussion post showing how to hide Teleport's web UI sections, this is key functionality sought by Teleport administrators to make it easier for non-admin users to navigate the cluster.
Current behavior
Removing all permissions from a user still shows the Access Management section of the UI, with two active subheadings:
Enroll new resource
It is pointless to show this section to users when they have no permission for any of the resource adding flows.
Access lists
This page even tells you the reason why you can't see access lists, but then still shows them.
Modifying the web UI's ACLs so that these sections are not shown without appropriate permissions (or can at least be hidden by adding
deny
rules for specific RBAC resources) will help to make the UI less confusing for non-administrative users.Bug details: