


We want to disable default project creation by authenticated users and delegate it to a user. All users should go to a central provisioning system and ask for a project and project quota, and provide the admin/edit/viewer members. Once the project is created, the quotas are set up, and the appropriate admins/editors and viewers are added, authenticated users can create apps themselves. Essentially we want to control the initial project, quota, and project members.

We don’t want to give cluster-admin and admin to this generic user being used by the orchestration system, and want to limit its capabilities by using the OSE 3.x roles features.

This is my understanding:

oadm policy remove-cluster-role-from-group self-provisioner system:authenticated 
oadm policy add-cluster-role-to-user self-provisioner <robot user>
What other roles are needed by the robot user to set up quotas on projects and add users as admin/edit and viewers to projects?
The oc describe clusterPolicyBindings :default command lists existing roles starting with system-*, but I am not sure which roles are really required to perform the above jobs.
Can you help here?

Srinivas Kotaru
