Hi. Going through the SECURITY, PRACTICE TEST CLUSTER ROLES, task “A new user mi . . .

Sergey Lozenkov:
Hi.
Going through the SECURITY, PRACTICE TEST CLUSTER ROLES, task “A new user michelle joined the team. She will be focusing on the nodes in the cluster. Create the required ClusterRoles and ClusterRoleBindings so she gets access to the nodes.”
Please could anyone clarify what is the difference between two methods of checking:
k get nodes --as michele and
kubectl auth can-i list nodes --as michelle?

Should both commands get same results?

And I discovered that maybe applying of cluster roles take some time. Because when I execute
first time I’ve got

controlplane ~ ✖ k get nodes --as michele
Error from server (Forbidden): nodes is forbidden: User "michele" cannot list resource "nodes" in API group "" at the cluster scope

But after some time I’ve got

controlplane ~ ➜  k get nodes --as michelle
NAME           STATUS   ROLES                  AGE   VERSION
controlplane   Ready    control-plane,master   16m   v1.26.0+k3s1

How long this applying will took?
Thank You

Shwetha Shenoy V:
The user in first command is different from the one in second. First one has one l and the second has 2.

Sergey Lozenkov:
@Shwetha Shenoy V oops. It was my typo. In case we have same user name, what is difference?

Shwetha Shenoy V:
With k auth can-i command, you will get a yes/no assert only. No data is output. With the first one, you actually fetch the data as the user.