
User Management and Separation of Privileges

Description

As this issue has a major impact on the controller, some planning on how to design the user management seems reasonable. The following proposal should be discussed:

Overview

Overview of the necessary calls/architecture:

Maybe add a refresh session method.

[Figure: Overview]

User representation

[Figure: User]

Role representation

[Figure: Roles]

Different proposals on role design:

V1: Each role gets permissions for specific allowed calls. (This seems to be more common)

V2: Role(s) get mapped to specific calls.

High level interface design

[Figure: Interface_Design]

Draft for proto files: rbac.proto

Separation of privileges

Discussion: Are there differences in how to handle internal / external resource access?

Edited by Ghost User
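
One reading of the two role designs (V1 and V2) in the issue above, as an added example that is not part of the original issue or the project's code: V1 stores the permitted calls per role, V2 stores the permitted roles per call, and both deny by default. The role names and gRPC-style call names are hypothetical, constructed for illustration.

```python
# Constructed sample data: role names and call names are hypothetical.
CREATE = "/rbac.UserService/CreateUser"
DELETE = "/rbac.UserService/DeleteUser"
GET_ROLES = "/rbac.RoleService/GetRoles"

# V1: each role carries the set of calls it is permitted to make.
V1_ROLE_PERMISSIONS = {
    "admin": {CREATE, DELETE, GET_ROLES},
    "viewer": {GET_ROLES},
}

# V2: each call carries the set of roles allowed to invoke it.
V2_CALL_ROLES = {
    CREATE: {"admin"},
    DELETE: {"admin"},
    GET_ROLES: {"admin", "viewer"},
}


def authorize_v1(role_permissions, user_roles, call):
    """V1 check: allow if any of the user's roles lists the call.
    Unknown roles contribute no permissions (deny by default)."""
    return any(call in role_permissions.get(role, set()) for role in user_roles)


def authorize_v2(call_roles, user_roles, call):
    """V2 check: allow if the call's role set intersects the user's roles.
    A call with no mapping has an empty role set (deny by default)."""
    return bool(set(user_roles) & call_roles.get(call, set()))


def invert(role_permissions):
    """Derive the V2 table from a V1 table, so 'who may call X?' can be
    audited even when the stored model is role-centric."""
    call_roles = {}
    for role, calls in role_permissions.items():
        for call in calls:
            call_roles.setdefault(call, set()).add(role)
    return call_roles


if __name__ == "__main__":
    for roles in (["admin"], ["viewer"], ["unknown-role"], []):
        for call in (CREATE, GET_ROLES, "/rbac.UserService/Unmapped"):
            v1 = authorize_v1(V1_ROLE_PERMISSIONS, roles, call)
            v2 = authorize_v2(V2_CALL_ROLES, roles, call)
            print(f"{roles!r:18} {call:32} v1={v1} v2={v2}")
```

The two tables hold the same information; the choice mainly affects which audit question ("what can this role do?" or "who can make this call?") is answered directly.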