in current feature set, some operations are dangerous, shall we apply an access control mechnism to distinguish different roles?

Generally, there will be 3 kind of roles:
administrator (deploy/build cluster...)
operator (operation and maintain cluster)
demo (read only)