Reason why unavailable options aren't hidden

Hi there,

I was just setting up a user account with limited access to the Rancher UI and I noticed that the API correctly denies access to, say, adding a new cluster. However, the UI still shows the button and form. Same goes for everything else. The UI suggests that you have the ability to do so, but the API won’t let you once you hit the button.

Is that something that has been designed like that deliberately or just something that hasn’t yet been implemented? Because frankly it’s quite confusing to see all the options just to then be disappointed that you can’t do anything.



The UI can’t easily parse the many role bindings and flatten them out to determine what effective permissions the current user has, and can’t do it at all if the user can’t see the role bindings and roles themselves. So this requires API support, which doesn’t exist.

Thanks for letting me know! I’ll subscribe to that issue then.