You can assign shared resources such as credentials, clusters templates, recipes, image
catalogs, or proxies to groups. To assign a shared resource to a group, assign a specific
resource role on the scope of the specific shared resource.
Owner or a role that allows administering the environment AND
One of the following: IamViewer or IamUser (required for listing
In order to assign a role, a user must have all rights from the role that they are planning
to assign to another user; That is, a user can only assign a role higher than his own.