Uploaded image for project: 'OpenShift Authentication'
  1. OpenShift Authentication
  2. AUTH-294

Adding a 2nd user to a group breaks permissions

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Undefined Undefined
    • None
    • openshift-4.11
    • None
    • False
    • None
    • False
    • Hide

      Create a group i.e. Cluster-admin 

      Create a role binding cluster-admin-0 with permission cluster-admin

      Add 1 user, permissions inherited as expected

      Add 2nd user, permissions fail to work until 2nd user removed from group.

      Show
      Create a group i.e. Cluster-admin  Create a role binding cluster-admin-0 with permission cluster-admin Add 1 user, permissions inherited as expected Add 2nd user, permissions fail to work until 2nd user removed from group.

      When creating demo clusters for customers I frequently setup github authentication and 2 groups since it's quick and easy. 

      I normally create a Cluster-Admins and a Cluster-Readers group

      I stood up a new ocp 4.11 in AWS this afternoon. With just me added to cluster-admin group with cluster admin permission it works as expected. However, as soon as I add another user (no matter the method, GUI, yaml, etc) I become a regular user with no permissions to anything. At this point I have to logout and login as Kubeadmin and remove the 2nd user from the group. At first I thought it was an issue of the 2nd user not having logged in yet so I tried adding a 2nd user that already exists in the system and the same issue occurs. 

              kostrows@redhat.com Krzysztof Ostrowski
              pkramp@redhat.com Phillip Kramp (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: