Active directory vs users roles


We have Rancher-2.1.6 integrated with Active Directory.

Although we enabled only the User Base role for new users, every new user that login gets access to create clusters.

How do we fix that?

Thanks in advance.

You can see and click the add cluster button != You can actually create a cluster. There is not (yet) enough information available in the API for the UI to know if actions will be allowed by RBAC or not in advance, so you see buttons that will not ultimately work. Try actually creating one.

Yes! You’re right.

But if is not allowed for someone to access either an action or feature, I think that resource/feature souldn’t be seen by one.

Another way would be… What if the actions which is not allowed to be used, be disabled of been clicked?

As for example… the above one and otherone below: