Comment 6 for bug 1244228

I agree we need a RBAC admin endpoints. However, doing so is quite a change and I think we should discuss it a bit further to make sure we'll get it right. The way other projects do this is by adding a context middleware and passing a context object around in the wsgi request object. This seems to work in most cases but I think we need to decide what's going to happen when a user w/o permissions try to access a protected resource, how granular we want this to be and how much we want to push this down the stack.

I'd prefer us to start discussing RBAC first and then talk about what will happen with the admin endpoints. With regards to this bug, I think we can close it. I don't want us to add a new cli-param if we know we'll remove it later.