Currently, I can log in to TMC CLI in the following ways:
1) Using LDAP accounts with `Cloud Administrator` role
2) Using LDAP account with role `tmc:admin`
3) Using local accounts `tmc-admin`, `tmc-member` or any other local accounts with role `tmc:admin` or `tmc:member` assigned to them

I cannot authenticate to TMC CLI from LDAP/local accounts/groups for which I have authentication configured in the TMC GUI Access section. See screenshot that shows current access policy.

To me, it seems like the `tmc-admin` or `tmc-member` roles are necessary to log on to TMC CLI and subsequently access the K8s API via, say, kubectl. However, having those roles automatically gives admin access to TMC-managed K8s clusters, which defeats the purpose of RBAC.
Am I missing something?