How to assign user permission for accessing Rancher proxying Longhorn UI

Rancher UI access can be secured by integrating with LDAP MFA. Thus accessing Longhorn UI would be safer via Rancher proxying Longhorn UI than via creating an NGINX Ingress controller with basic authentication.

A user, with default Rancher cluster member permissions + Manage Storage + View All Projects cluster roles, always fails in accessing Longhorn UI

 "message": "services \"http:longhorn-frontend:80\" is forbidden: User \"u-xxxxxx\" cannot get resource \"services/proxy\" in API group \"\" in the namespace \"longhorn-system\""

Knowing Rancher cluster owner having access to Longhorn UI, which Rancher cluster roles need to be added to cluster member for accessing Longhorn UI