-
Bug
-
Resolution: Done
-
Minor
-
None
Description of problem:
"Granting users permission to configure monitoring for user-defined projects" section confusing
Version-Release number of selected component (if applicable):
Current Documentation:
Assign the user-workload-monitoring-config-edit role to a user in the openshift-user-workload-monitoring project: oc -n openshift-user-workload-monitoring adm policy add-role-to-user \ user-workload-monitoring-config-edit <user> \ --role-namespace openshift-user-workload-monitoring
Expected results:
My expectation would be that by running this command users would be able to create monitoring objects inside of their namespace. (i.e. ServiceMonitor,PodMonitor,PrometheusRules
Actual results:
This gives access to change ConfigMaps inside of the openshift-user-workload-monitoring namespace. I don't really understand what the point of this is and I don't think it is something you would ever want to give a normal user. If this is the intended command I think there should be more clarity as to what we are trying to accomplish by giving them this access.
Additional info:
I think they actual command should be: oc -n <USER_NAMESPACE> adm policy add-role-to-user \ monitoring-edit <user> This would give user access to create the resources mentioned above
- links to
(1 links to)