Users permissions in the Web UI seem largely divorced from their permissions in the CLI, both in practice, and in how they are displayed.
Solution
"Role" should mean the same thing in the UI and in the CLI, and a users full permissions in both contexts should be visible from either context, and ideally editable from either context.
Alternative Solutions
The very hard to understand situation that currently exists is I guess the alternative.
Notes
Assigning RBAC to users / groups / roles today is very convoluted and not the simplest to test, especially with SAML enabled. It would be extremely nice to help mitigate that by at least having terms mean the same thing in the CLI and in the UI, and be able to trivially view them in both places.
Problem Description
Users permissions in the Web UI seem largely divorced from their permissions in the CLI, both in practice, and in how they are displayed.
Solution
"Role" should mean the same thing in the UI and in the CLI, and a users full permissions in both contexts should be visible from either context, and ideally editable from either context.
Alternative Solutions
The very hard to understand situation that currently exists is I guess the alternative.
Notes
Assigning RBAC to users / groups / roles today is very convoluted and not the simplest to test, especially with SAML enabled. It would be extremely nice to help mitigate that by at least having terms mean the same thing in the CLI and in the UI, and be able to trivially view them in both places.
https://github.com/siderolabs/omni-feedback/issues/30