We want to disable default project creation by authenticated users and let it delegate to a user. All users should to go a central provision system and ask for project, project quota, and provided admin/edit/viewers members. Once project was created, quota’s were setup and add appropriate admin/edit and viewers, authenticated user can create apps themselves. Essentially we want to control initial project, quota , project members
We don’t’ want to give cluster-admin and admin to this generic user being used by orchestration system and limit its capabilities by using OSE 3.x roles features.
This is my understanding :
What other roles needed by robot user to setup quotas on projects, add users to admin/edit and viewers to projects ??
oc describe clusterPolicyBindings :default command listing existing roles starting system-* but not sure which roles really required to perform above jobs.
Can you help here?