There are supporting service calls needed for
TEIIDTOOLS-979 so that the ui can create/delete/modify permissions.
The initial implementation is assuming:
- a way to inject sso information (via an administrative operation, such as a config map) to a single realm/client for all virtualizations. At this time we're not expecting a service account to determine roles nor provide an option to hard-code a list. Rather it's expected that the user will enter client role names directly in the virtualization role editing logic.
- provide appropriate service methods to update role information and demarcate which virtualizations have roles
- It's not clear if/when we're adding support for the pseudo role "any authenticated" or for schema/database level permissions, such as temp tables or being able to just grant all against a schema.