-
Story
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
None
-
None
-
None
-
False
-
-
False
-
5
-
None
-
None
-
OCP Console - Sprint 278
As a cluster administrator want to impersonate a user with multiple group memberships simultaneously, so that I can accurately reproduce their effective permissions and troubleshoot RBAC issues.
Currently, the OpenShift Web Console only supports impersonating either:
- A single user (Impersonate-User: <username>)
- A single group (Impersonate-Group:Â <groupname>)
This limitation prevents administrators and support personnel from accurately reproducing a target user's effective permissions when that user belongs to multiple groups. The oc CLI already supports this via repeated --as-group flags:
Â
oc --as=user1 --as-group=developers --as-group=admins --as-group=monitoring get pods
Â
Backend Changes
- Proxy: Already supports multiple Impersonate-Group headers
- WebSocket: Extend subprotocol parsing for multiple groups
- GraphQL: Update context handling for multiple groups
UI Components
AC:
- Support simultaneous user + multiple group impersonation
- Set Impersonate-User: <username> header
- Set multiple Impersonate-Group: <group> headers (one per group)
- Provide intuitive UI for multi-group selection based on the UX input
- Update Redux state to support multiple groups
- Extend ImpersonateKind type to support group array
- Maintain backward compatibility with existing single-group state
- Handle state transitions between single and multi-group modes
- WebSocket support for multi-group impersonation
Â
- is caused by
-
RFE-1279 Ability to impersonate user who has privileges from multiple groups
-
- Refinement
-
-
-
- Refinement
-
- is related to
-
CONSOLE-4782 Create the group impersonation modal
-
- To Do
-
-
-
- To Do
-
-
-
- To Do
-
-
-
- To Do
-
-
-
- To Do
-
-
-
- To Do
-
-
-
- To Do
-
-
-
- To Do
-
-
-
- To Do
-
-
-
- To Do
-
-
-
- Code Review
-
-
-
- Closed
-
