Openshift
Authorization¶
https://docs.okd.io/latest/architecture/additional_concepts/authorization.html
shows the rule sets for the admin and basic-user default cluster roles:
oc describe clusterrole.rbac admin basic-user
Service accounts¶
oc get sa
Rolebinding¶
| z | z |
|---|---|
$ oc adm policy who-can <verb> <resource> |
Indicates which users can perform an action on a resource. |
$ oc adm policy add-role-to-user <role> <username> |
Binds a given role to specified users in the current project. |
$ oc adm policy remove-role-from-user <role> <username> |
Removes a given role from specified users in the current project. |
$ oc adm policy remove-user <username> |
Removes specified users and all of their roles in the current project. |
$ oc adm policy add-role-to-group <role> <groupname> |
Binds a given role to specified groups in the current project. |
$ oc adm policy remove-role-from-group <role> <groupname> |
Removes a given role from specified groups in the current project. |
$ oc adm policy remove-group <groupname> |
Removes specified groups and all of their roles in the current project. |
--rolebinding-name= |
Can be used with oc adm policy commands to retain the rolebinding name assigned to a user or group. |