[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Understanding the difference between the role "admin" and the role "edit"



Hello

I am interested in understanding the difference between the role "admin" and the role "edit" described in:
https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html

I take it from https://docs.openshift.com/enterprise/3.0/admin_guide/manage_authorization_policy.html that the role "admin" can do the following things that the role "edit" cannot:
admin: [create delete update] [project] [resourcegroup:granter]
admin [get list watch] [resourcegroup:policy]
admin: [get update]    [imagestreams/layers]

It seems like admin can do things like deleting projects that edit cannot. But what about resourcgroup:granter and resourcegroup:policy and the get/update on imagestreams? Can anyone explain what these things do?

When do I assign the role "admin" to a user and when do a give him/her the role "edit"? Why would I pick one over the other?

Regards
v


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]