I need my instance_admins (a custom role) to be able to assign users to different roles without having the ability to alter grants to custom roles.
It looks like Manage all Roles includes "add user" and "edit grants" which should be separate (like edit group membership vs. edit the group).
For our use case:
James has the “instance_admin” role. That role does not include the grant Manage All Roles
James needs to be able to add users to Domo and assign them to the role “privileged” (or any other non-default role) without his role having the right to edit role grants.
(because I don’t trust James to instance_admin all the Admin grants whenever he feels like it).
