[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Understanding the difference between the role "admin" and the role "edit"



A project admin can edit/delete the project itself, and view and modify role bindings on the project (adding and removing other users and groups to the project).

Editors actually have the last item in your list... they are able to [get update] [imagestreams/layers] as well.

On Fri, Oct 30, 2015 at 10:19 AM, v <vekt0r7 gmx net> wrote:
Hello

I am interested in understanding the difference between the role "admin" and the role "edit" described in:
https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html

I take it from https://docs.openshift.com/enterprise/3.0/admin_guide/manage_authorization_policy.html that the role "admin" can do the following things that the role "edit" cannot:
admin: [create delete update] [project] [resourcegroup:granter]
admin [get list watch] [resourcegroup:policy]
admin: [get update]    [imagestreams/layers]

It seems like admin can do things like deleting projects that edit cannot. But what about resourcgroup:granter and resourcegroup:policy and the get/update on imagestreams? Can anyone explain what these things do?

When do I assign the role "admin" to a user and when do a give him/her the role "edit"? Why would I pick one over the other?

Regards
v

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]