Is your feature request related to a problem? Please describe.

Rancher Admins want to give the minimum set of permissions possible to end users in order to follow security best practice. These end users want to use the UI. However, there are some pages which require a combination of permissions at multiple different scopes to function correctly.

For example, the cluster/project permissions pages require permissions on principals (to search/display a readable name for users) and on roleTemplates (to see a list of usable roleTemplates as well as to display a readable name for the role). Since both of these resources are Globally scoped permissions, users who are cluster-owners/project-owners won't have access to them by default.

Describe the solution you'd like

The Rancher docs should be updated with a list of Global Resources (as well as a brief description on their purposes). This will help end users to determine what permissions they may need when creating a least-privilege user. This should probably be on this page, or a closely related page.

Describe alternatives you've considered
N/A - other alternatives discussed in meeting.

Additional context
N/A.