Professor
NeophyteI would say authentication and authorization based on central role management (like AD) is the standard in the enteprise environment. User has roles/groups assigned in the AD and then all systems work with user AD roles/groups obtained during SSO (SAML, OIDC).
I can imagine that small user base can be managed manually within LM. But it will be pain/nightmare for bigger companies. I have around 70 "teams" and authorization is based on AD roles/groups. Everything is managed via code (Terrafom TF - which is not the strongest point of LM). TF detects current teams (they are not flat structure, but they have own level of organizations) and based on that creates for each team: LM role, LM dashboard/resource/report/website group. Of course each team has write access only to own team dashboard/resource/report/website group and read everywhere + write to "test" dashboard/resource/report/website group where teams can work together eventually.
