for some context... when the admin-user tries to assign role to Rancher-projects in a cluster they search for AD userid and it returns nothing. I know the userid is valid. As a cluster-admin when I search for the same AD userid, it works correctly. So, I am looking to see if I need to grant privileges to a resource to admin-user so they can do this function.