Loading...

XML

Word

Printable

Type: Bug
Resolution: Obsolete
Priority: Critical
Fix Version/s: OADP 1.4.2
Affects Version/s: None
Component/s: Documentation
Labels:
- triaged

Story Points:
3
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
QEStatus:
ToDo
Intelligence Requested:
Market:

Severity:
Important
Cost of Delay:
8
WSJF:
2.667
Risk Probability:
Very Likely
Risk Score:
0

Workstream:

None

Root Cause:
Unset
Failure Category:
Unknown

Regression:
None

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

PX Impact Score:

Description of problem:

While the documentation states the following, users are unclear on how to set up this RBAC settings concretely.

https://docs.openshift.com/container-platform/4.16/backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.html#about-installing-oadp-on-multiple-namespaces_about-installing-oadp

By default, each OADP deployment has cluster-level access across namespaces. OpenShift Container Platform administrators need to review security and RBAC settings carefully and make any necessary changes to them to ensure that each OADP instance has the correct permissions.

We need clear examples. For instance, here is the use case that some users are considering:

TeamA: Installs OADP into namespace oadp-a, and wants to backup/restore namespace team-a, but don't want to allow backup/restore of other namespaces.
TeamB: Installs OADP into namespace oadp-b, and wants to backup/restore namespace team-b, but don't want to allow backup/restore of other namespaces.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

also update https://access.redhat.com/articles/5456281#can-i-install-oadp-into-multiple-openshift-projects-to-enable-project-owners-31 when this ticket is done.

Slack: https://redhat-internal.slack.com/archives/C0144ECKUJ0/p1728968322617729?thread_ts=1728627599.380689&cid=C0144ECKUJ0

is incorporated by

OADP-3931 NAC, non-admin-controller Non-admin backup/restore

In Progress

is triggering

OADP-5176 Need to revise implication that we support custom RBAC OADP to multi-tenancy.

ASSIGNED

Assignee:: Shruti Deshpande

Reporter:: Yuki Okada

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/10/15 4:55 AM

Updated:: 2024/11/05 3:45 PM

Resolved:: 2024/10/29 7:05 PM

Details

Description

Description of problem:

Actual results:

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates