Uploaded image for project: 'Observability Documentation'
  1. Observability Documentation
  2. OBSDOCS-875

Update CLI command for granting permission to configure user-defined projects

XMLWordPrintable

    • OBSDOCS (Mar 4 - Mar 25) #250

      Description of problem:

      "Granting users permission to configure monitoring for user-defined projects" section confusing

      Version-Release number of selected component (if applicable):

      Current Documentation:

       Assign the user-workload-monitoring-config-edit role to a user in the openshift-user-workload-monitoring project:

oc -n openshift-user-workload-monitoring adm policy add-role-to-user \
  user-workload-monitoring-config-edit <user> \
  --role-namespace openshift-user-workload-monitoring

      Expected results:

      My expectation would be that by running this command users would be able to create monitoring objects inside of their namespace. (i.e. ServiceMonitor,PodMonitor,PrometheusRules

      Actual results:

      This gives access to change ConfigMaps inside of the openshift-user-workload-monitoring namespace. I don't really understand what the point of this is and I don't think it is something you would ever want to give a normal user.

If this is the intended command I think there should be more clarity as to what we are trying to accomplish by giving them this access.

      Additional info:

          I think they actual command should be:

oc -n <USER_NAMESPACE> adm policy add-role-to-user \   
monitoring-edit <user> 
 

This would give user access to create the resources mentioned above

       

            eromanov@redhat.com Eliska Romanova
            jland@redhat.com James Land
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: