Within Rancher, each person authenticates as a user, which is a login that grants you access to Rancher. As mentioned in Authentication, users can either be local or external.
After you configure external authentication, the users that display on the Users page changes.
If you are logged in as a local user, only local users display.
If you are logged in an external user, both external and local users display.
Users and Roles
Once the user logs in to Rancher, their authorization, or their access rights within the system, is determined by global permissions, and cluster and project roles.
Define user authorization outside the scope of any particular cluster.
Define user authorization inside the specific cluster or project where they are assigned the role.
Both global permissions and cluster and project roles are implemented on top of Kubernetes RBAC. Therefore, enforcement of permissions and roles is performed by Kubernetes.