Fix bad cli call in the docs

Author: RyaliNvidia

docs/deployment_guide/appendix/authentication/authentication_flow.rst

@@ -132,7 +132,7 @@ Troubleshooting
 Verify IdP configuration (redirect URIs, client ID/secret), Envoy OAuth2 and JWT provider settings (issuer, audience, JWKS URI), and that the IdP is reachable from the cluster.
 
 **User has no permissions (403)**
-Check that the user has roles in OSMO (via ``osmo user roles list <user_id>`` or IdP mapping). Verify ``x-osmo-user`` and ``x-osmo-roles`` in Envoy logs. Ensure the role has policies that allow the requested action (see :doc:`roles_policies`).
+Check that the user has roles in OSMO (via ``osmo user get <user_id>`` or IdP mapping). Verify ``x-osmo-user`` and ``x-osmo-roles`` in Envoy logs. Ensure the role has policies that allow the requested action (see :doc:`roles_policies`).
 
 **Token validation failures**
 Ensure issuer and audience in Envoy match the JWT. Check JWKS URI connectivity from Envoy. For access tokens, ensure the token exists and is not expired.

docs/deployment_guide/appendix/authentication/identity_provider_setup.rst

@@ -187,14 +187,14 @@ Verification
 ============
 
 - **Browser:** Open ``https://<your-domain>`` in a private window. You should be redirected to the IdP, then back to OSMO with a session.
-- **CLI:** After logging in, run ``osmo user roles list <user_id>`` to confirm the user has the expected roles.
+- **CLI:** After logging in, run ``osmo user get <user_id>`` to confirm the user has the expected roles.
 
 Troubleshooting
 ===============
 
 - **Invalid token / 401:** Check issuer and audience in Envoy match the JWT. Ensure the IdP’s JWKS URI is reachable from the cluster and the signing key is present.
 - **Redirect fails:** Ensure the redirect URI in the IdP exactly matches (scheme, host, path, no trailing slash).
-- **User has no roles / 403:** Ensure the user exists in OSMO and has roles (via ``osmo user roles list <user_id>`` or IdP mapping). Verify the user claim (e.g. ``preferred_username``, ``email``) matches what OSMO expects.
+- **User has no roles / 403:** Ensure the user exists in OSMO and has roles (via ``osmo user get <user_id>`` or IdP mapping). Verify the user claim (e.g. ``preferred_username``, ``email``) matches what OSMO expects.
 
 .. seealso::
 

docs/deployment_guide/appendix/authentication/roles_policies.rst

@@ -481,7 +481,7 @@ Pool Access Issues
 --------------------
 
 1. **Check role policies**: Ensure the role has a policy allowing ``workflow:Create`` scoped to the target pool (e.g., ``resources: ["pool/my-pool"]``)
-2. **Check role assignment**: Ensure the user has the role in OSMO (via ``osmo user roles list <user_id>`` or IdP role mapping)
+2. **Check role assignment**: Ensure the user has the role in OSMO (via ``osmo user get <user_id>`` or IdP role mapping)
 3. **Review resource scope**: Verify the policy's ``resources`` field matches the pool name (e.g., ``pool/my-pool`` or ``pool/*``)
 
 .. _actions_resources_reference: