Same user allowed to have multiple roles in the same cluster

[nickwsuse]

Setup

• Rancher version: 2.6-head Commit ID: c8d01c6
• Kubernetes version: v1.23.6
• Cluster Type (Local/Downstream): Downstream node driver 1 worker, 1 etcd, 1 cp RKE1

Describe the bug

To Reproduce

1. Stand up Rancher instance and a downstream cluster
2. In the Rancher UI, click the hamburger menu icon in the top left
3. In the expanded menu on the left side of the page, click "Users & Authentication"
4. Create a new user by clicking the "Create" button in the upper right of the page
5. Click the hamburger menu icon again
6. Click the downstream cluster you created in step 1
7. In the menu on the left side of the page, click "Cluster Members"
8. Click the "Add" button in the upper right of the page
9. In the search box, search for the user you created in step 4
10. Select any of the Cluster Permissions radio buttons
11. Repeat steps 8 and 9
12. Select a different Cluster Permission than what you selected in step 10

Result

Expected Result

• Either an error message stating the user is already assigned a role on the cluster - OR - the user's existing role to be overridden with the newly set role.

Actual Result

• The user is shown to have any and all roles that it has been assigned, even if there is overlap or conflicting role permissions

Screenshots View of the UI showing a user with multiple conflicting role permissions

[bashofmann]

Isn't this a feature and the result is that the user has the permissions from both roles combined?

Similarly a user in Kubernetes can have multiple RoleBindings.

[gaktive]

We need to review the UX in a later version. The fact is that there aren't 6 u1 users here; the presentation is that the u1 user has these roles.

Kubernetes can allow for competing cluster permissions but this would be better if we show the u1 user once with the 6 roles. But to add roles, we'd need a different UX.

[kwwii]

We need to redesign the Add User / Permissions functionality at the cluster level. The current UI is confusing and clearly not offering a good UX

[dasarinaidu]

I am seeing the same issue on v2.7-f7692f30cf47d00073cc41b879e0ff90fb0a68b0-head

[edenhernandez-suse]

Part of #8233