Using Knife ACL to allow members of the "users" group to properly do validatorless bootstraps

gistfile1.txt

~/lab/repos/chef-server-ha-provisioning/src/chef-server-ha-aws-install   master ●  knife acl show containers nodes
create:
  actors: pivotal
  groups:
    clients
    users
    admins
delete:
  actors: pivotal
  groups:
    users
    admins
grant:
  actors: pivotal
  groups: admins
read:
  actors: pivotal
  groups:
    clients
    users
    admins
update:
  actors: pivotal
  groups:
    users
    admins
~/lab/repos/chef-server-ha-provisioning/src/chef-server-ha-aws-install   master ●  knife acl show containers clients
create:
  actors: pivotal
  groups: admins
delete:
  actors: pivotal
  groups:
    users
    admins
grant:
  actors: pivotal
  groups: admins
read:
  actors: pivotal
  groups:
    users
    admins
update:
  actors: pivotal
  groups: admins
~/lab/repos/chef-server-ha-provisioning/src/chef-server-ha-aws-install   master ●  knife acl add group users containers clients create,grant,update
Adding 'users' to 'create' ACE of 'clients'
Adding 'users' to 'grant' ACE of 'clients'
Adding 'users' to 'update' ACE of 'clients'
~/lab/repos/chef-server-ha-provisioning/src/chef-server-ha-aws-install   master ●  knife acl show containers clients
create:
  actors: pivotal
  groups:
    users
    admins
delete:
  actors: pivotal
  groups:
    users
    admins
grant:
  actors: pivotal
  groups:
    users
    admins
read:
  actors: pivotal
  groups:
    users
    admins
update:
  actors: pivotal
  groups: 
    users
    admins