User permissions for "Organization Selection"
1.) Create a user account with rights to a specific org
2.) By default, user will login to "Any Org/Any Location"
3.) Try to access Katello resources (Content hosts, Products, Lifecycle, Activation Keys, etc.)
4.) Instead of the "Select an organization" page, user gets set to "/katello/403"
Users can first select their approved organization from the the top left drop down (requires education)
- alternatively -
Pin the users to their org upon login (doesn't work for LDAP IDs, which aren't "realized" until the user logs in the first time)
All users should have rights to the "select an organization" page; or better, if a user only has rights to a single org, they shouldn't have visibility to other orgs or the ability to pick another org.