You can assign shared resources such as credentials, cluster definitions, clusters
templates, recipes, or image catalogs to groups. To assign a shared resource to a group, assign a
specific resource role on the scope of the specific shared resource.
Owner or a role that allows administering the environment AND
One of the following: IamViewer or IamUser (required for listing
In order to assign a role, a user must have all rights from the role that they are planning
to assign to another user; That is, a user can only assign a role higher than his own.