Sensor must check the authorization of the opaque user token that the console plugin sends to the reverse proxy api. The user must have full read access to all deployment-like resources in a given namespace. The namespace is passed to the api either by http header or as an explicit request parameter.