diff --git a/config/context.go b/config/context.go
index b053e2ff..25b2b97f 100644
--- a/config/context.go
+++ b/config/context.go
@@ -21,6 +21,7 @@ import (
 projectSchema "github.com/rancher/types/apis/project.cattle.io/v3/schema"
 rbacv1 "github.com/rancher/types/apis/rbac.authorization.k8s.io/v1"
 "github.com/rancher/types/config/dialer"
+ "github.com/rancher/types/user"
 "github.com/sirupsen/logrus"
 "k8s.io/api/core/v1"
 "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
@@ -37,10 +38,6 @@ var (
 ManagementStorageContext types.StorageContext = "mgmt"
 )
-type ManagementGetter interface {
- GetManagement() managementv3.Interface
-}
-
 type ScaledContext struct {
 ClientGetter proxy.ClientGetter
 LocalConfig *rest.Config
@@ -51,6 +48,7 @@ type ScaledContext struct {
 Schemas *types.Schemas
 AccessControl types.AccessControl
 Dialer dialer.Factory
+ UserManager user.Manager
 Leader bool
 Management managementv3.Interface
@@ -68,10 +66,6 @@ func (c *ScaledContext) controllers() []controller.Starter {
 }
 }
-func (c *ScaledContext) GetManagement() managementv3.Interface {
- return c.Management
-}
-
 func NewScaledContext(config rest.Config) (*ScaledContext, error) {
 var err error
@@ -151,6 +145,7 @@ type ManagementContext struct {
 Schemas *types.Schemas
 Scheme *runtime.Scheme
 Dialer dialer.Factory
+ UserManager user.Manager
 Management managementv3.Interface
 Project projectv3.Interface
@@ -167,10 +162,6 @@ func (c *ManagementContext) controllers() []controller.Starter {
 }
 }
-func (c *ManagementContext) GetManagement() managementv3.Interface {
- return c.Management
-}
-
 type UserContext struct {
 Management *ManagementContext
 ClusterName string
diff --git a/user/manager.go b/user/manager.go
new file mode 100644
index 00000000..ae031a62
--- /dev/null
+++ b/user/manager.go
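Review bot: In config/context.go the new `UserManager user.Manager` field on `ScaledContext` (and the identical field added to `ManagementContext` in the `-151,6 +145,7` hunk) is an interface value that no visible hunk assigns, so it stays nil until something outside this diff sets it. `NewScaledContext` starts in the `-68,10 +66,6` hunk but its body continues outside it, so whether the constructor populates the field cannot be confirmed from here. If it does not, a call such as `c.UserManager.CheckAccess(...)` on an authentication path would panic on the nil interface rather than return a denial. I would state the contract on the field, e.g. `// UserManager must be assigned before the context is used by any handler or controller; nil is not a valid value.`, or have the code that wires the context return an error when it is missing.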
@@ -0,0 +1,13 @@
+package user
+
+import (
+ "github.com/rancher/norman/types"
+ "github.com/rancher/types/apis/management.cattle.io/v3"
+)
+
+type Manager interface {
+ SetPrincipalOnCurrentUser(apiContext *types.APIContext, principal v3.Principal) (*v3.User, error)
+ GetUser(apiContext *types.APIContext) string
+ EnsureUser(principalName, displayName string) (*v3.User, error)
+ CheckAccess(accessMode string, allowedPrincipalIDs []string, user v3.Principal, groups []v3.Principal) (bool, error)
+}
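Review bot: The exported `Manager` interface has no doc comments, and its methods appear to carry identity and access decisions, so the failure contract is left for each implementation to guess. On `CheckAccess`, where `accessMode` is a free-form string, I would spell out the fail-closed behaviour, e.g. `// CheckAccess reports whether the principal is allowed under accessMode; an unrecognised accessMode or a non-nil error must be treated as a denial.` `GetUser` returns a bare `string` with no error, so its comment should say what comes back when the request has no authenticated user (presumably the empty string), so callers do not use that value as an ID. As a style point, the `user` parameter of `CheckAccess` shadows the package name; `principal` would read more clearly.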