As a LokiStack administrator, I want to allow access to the application logs only for a dedicated group of developers, so that I can control who is eligible to search application logs regardless access to projects.

Acceptance Criteria

• The administrator can define which developer user group(s) have access to the application tenant logs.
• The administrator can still provide access to the workloads' namespaces for developer users to inspect other resources.
• The developer user group(s) not listed by the administrator cannot see logs in the Observe Aggregated Logs view.
• The Cluster logging stack still provides full per-project access to all users of system:authenticated group if the administrator does not provide more specific groups.

Developer Notes

• TBD
•