Manage clusters with Rancher without cluster-role?

Hello everyone!
Currently we have a couple of OpenShift clusters that we want to manage with Rancher.
We don't have the ability to use cluster-role (the clusters belong to an external PaaS team and they refuse to grant cluster-wide permissions). Is there any way to run cluster-agent with a lower permission level? Can we expect features in Rancher that don't need this permission to work?

Rancher version: any
Downstream cluster: OpenShift 3, 4

I have already tried to limit rancher-agent to a Role only; it didn't work.
Is there any list of rancher-agent permissions in the docs?