User/role management best practices

What is the best practice for the user and role management with the operator?

Is it preferable to create users k8s resources or is it better to create users via Kibana?

is there a way to do custom roles via k8s resources?

The user CRD that exists in 0.8.0 is going away in the next release. The recommended way to manage users is through the native realm either via the API or Kibana.