Description of the problem:

When RBAC is enabled, only users with permissions on a namespace can access complete traces and span details within that namespace. However, kubeadmin user (system:admin) should have the ability to view all traces and span details across any namespace. Currently, with RBAC enabled, kubeadmin user face the same restrictions as non-admin users and cannot access span details. A user created with the clsuter-admin cluster role can view all the span details and this issue is specific to the kubeadmin (system:admin) user.

Steps to reproduce the issue:

• Install the Tempo operator built off the latest upstream branch.
• Install OTEL and Cluster Observability operator.
• Run the RBAC tests with --skip-delete and check the Tracing UI from a kubeadmin user.

chainsaw -test --config .chainsaw-openshift.yaml  tests/e2e-openshift/multitenancy-rbac tests/e2e-openshift/monolithic-multitenancy-rbac

Expected behaviour:

kubeadmin (system:admin) user should be able to view all the traces and span details from any namespace when Tempo RBAC is enabled.