Global read-only Role

Hi,

I am looking for a way, to allow a group read-only permissions on all Clusters for all resources without having to add them to all clusters individually. I managed to create a global role where all clusters are visible, but no resource inside the cluster can be retrieved

I am using terraform to provision the role:

resource "rancher2_global_role" "cluster-readonly" {
  name = "Cluster Reader"
  rules {
    api_groups = ["*"]
    resources = ["*"]
    verbs = ["get","list","watch"]
  }
  rules {
    verbs = ["get","list","watch"]
    non_resource_urls = [ "*" ]
  }
}