One proposal for coping with naming conflicts between groups and users for purposes of granting permissions: don't allow conflicts (so far as we can determine).
When strong consistency comes to cluster metadata, we can enforce this more strongly, but for now we can supplement this by adding documentation instructing ops not to create groups and users by the same name.
Attempt to enforce role name uniqueness
This PR will probably be rejected in favor of #533
For the same reason as other security/bucket-type buckets found by @macintux, this has been marked for milestone 2.0-RC
EDIT: wrong milestone, was 2.0.1, meant 2.0-RC
This can be closed now. #533 has separated the concepts so name uniqueness is no longer required.