terraform-provider-avi
Cannot use Role ako-tenant with access to Controller, Role, Tenant or User in non-admin tenant
Describe the bug
It is not possible to use the ako-tenant role with READ_ACCESS to the PERMISSION_CONTROLLER resource for user creation:
│ Error: Encountered an error on POST request to URL https://nsx-alb.tld.de/api/user: HTTP code: 400; error from Controller: map[error:Cannot use Role ako-tenant with access to Controller, Role, Tenant or User in non-admin tenant]
This is required by AKO:
ako-0 ako 2024-03-01T10:23:20.483Z WARN lib/avi_api.go:65 msg: Unable to fetch data from uri /api/cluster Encountered an error on GET request to URL https://nsx-alb.tld.de/api/cluster: HTTP code: 403; error from Avi: map[error:User 'ako-test' is not authorized to read on resource System in tenant AKOTEST]
Reproduction steps
- Create ako-tenant role according to https://github.com/vmware/load-balancer-and-ingress-services-for-kubernetes/blob/master/docs/roles/ako-tenant.json
- Try to create an avi_user with individual tenants and role refs according to https://github.com/vmware/load-balancer-and-ingress-services-for-kubernetes/blob/master/docs/ako_tenancy.md
```hcl
resource "avi_user" "avi_user" {
  name = "ako-${var.tenant}"
  access {
    tenant_ref  = avi_tenant.tenant.id
    role_ref    = data.avi_role.ako_tenant.id
    all_tenants = false
  }
  access {
    tenant_ref  = data.avi_tenant.admin.id
    role_ref    = data.avi_role.ako_admin.id
    all_tenants = false
  }
  password           = "SuperSecretPassword!"
  default_tenant_ref = avi_tenant.tenant.id
}
```
Expected behavior
It is possible to use the ako-tenant role with READ_ACCESS to the PERMISSION_CONTROLLER resource.
Additional context
No response
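A pre-flight check for the constraint behind this error, added here as an example and not code from terraform-provider-avi or AKO: it reads role definitions in the shape of the AKO role JSON (a `privileges` list of `resource`/`type` entries, assumed from that file's layout) and flags any non-admin tenant binding whose role touches the Controller, Role, Tenant or User resources, so the rejected `avi_user` access block is caught before the POST. The `PERMISSION_*` names and the sample roles are constructed.

```python
"""Pre-flight check for Avi/NSX ALB user access bindings (added example)."""
import json

# Resources the controller refuses in a role bound to a non-admin tenant
# ("Cannot use Role ... with access to Controller, Role, Tenant or User in
# non-admin tenant"). The PERMISSION_* enum names are an assumption.
ADMIN_ONLY_RESOURCES = {
    "PERMISSION_CONTROLLER",
    "PERMISSION_ROLE",
    "PERMISSION_TENANT",
    "PERMISSION_USER",
}

# Constructed sample roles, trimmed to the fields the check needs and laid
# out like the AKO role JSON (assumed layout).
ROLES_JSON = json.dumps({
    "ako-tenant": {"privileges": [
        {"resource": "PERMISSION_VIRTUALSERVICE", "type": "WRITE_ACCESS"},
        {"resource": "PERMISSION_CONTROLLER", "type": "READ_ACCESS"},
    ]},
    "ako-admin": {"privileges": [
        {"resource": "PERMISSION_CONTROLLER", "type": "READ_ACCESS"},
    ]},
})


def load_roles(text=ROLES_JSON):
    """Parse role definitions into a name -> role dict."""
    return json.loads(text)


def admin_only_privileges(role):
    """(resource, type) pairs of a role that grant access to admin-only
    resources; NO_ACCESS entries are not access and are ignored."""
    return sorted(
        (p["resource"], p["type"])
        for p in role.get("privileges", [])
        if p["resource"] in ADMIN_ONLY_RESOURCES and p["type"] != "NO_ACCESS"
    )


def check_user_access(access_entries, roles):
    """Validate avi_user access blocks (tenant name, role name) before they
    are sent to /api/user. Returns findings; empty means no binding would
    trip the non-admin tenant rule. Only the admin tenant is exempt."""
    findings = []
    for entry in access_entries:
        if entry["tenant"] == "admin":
            continue
        offending = admin_only_privileges(roles[entry["role"]])
        if offending:
            detail = ", ".join(f"{t} on {r}" for r, t in offending)
            findings.append(f"tenant {entry['tenant']!r}: role "
                            f"{entry['role']!r} grants {detail}")
    return findings
```

Running it over the two access blocks from the resource above (tenant `AKOTEST` with `ako-tenant`, `admin` with `ako-admin`) reports the first binding and passes the second.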