There's maybe only a dozen different "groups" of permissions between all the users right now in auth.conf. Most of them would continue to have access to view all Clients but with RBAC depending on how granular things get I could see adding in some customer end-users with access to view their specific stuff (how a particular client is protected & its backup jobs for example) too.
All of the users would still have to be assigned to those RBAC groups of course, but I'd be thrilled if I only had to do that on a single Master, export the RBAC users and groups, then import them everywhere else to cover most things.
And as long as I'm asking, I'd like that export file to be user-readable text of course, because our Auditors will want to look at it to verify everything is appropriate at some point.
Bonus points if I can literally use the same config on multiple Masters regardless of whether or not it actually exists. For example, if userA has access to view the protection plans for all Acme DB2 clients on MasterA, but there aren't any on MasterB, when they login to MasterB they see an empty listing because their access doesn't return any Plan matches. I'd much rather have this be the case versus me getting an error attempting to import a non-applicable RBAC configuration into MasterB.
I'd love to work with whomever on making this happen, provide example auth.conf entries, whatever helps. As more stuff is added into the web GUI it's going to get more and more attractive to cut ourselves over but I can't do that until I can give everyone semi-equivalent access - and 100 users * 20ish Masters = a LOT of work if I can't do a bulk method. Not to mention having to keep each Master's entries updated with additions/removals after that first load.