At the moment, we are advising Foreman (and Satellite users) to use foreman rake console.

In a recent doc review of this chapter: https://docs.theforeman.org/nightly/Administering_Red_Hat_Satellite/index-foreman-el.html#sect-Administering-Users_and_Roles-Creating_and_Managing_Roles

Chapter 5.4.5 suggests installing a Foreman rake console, starting the console, loading it and creating a permissions table.

@Ewoud Kohl van Wijngaarden suggested that this was extremely dangerous.
He went on to say:

" If anything, we should create a rake task in upstream and recommend something like foreman-rake permissions:table. "