OpenShift Service Mesh / OSSM-173

Non cluster-admin user configuration


    • Type: Task
    • Resolution: Done
    • Priority: Major
    • OSSM 1.1.0
    • Service Mesh 1.1.0

      The Kiali documentation needs a section on using a non-cluster-admin user in Kiali, i.e. a user that has view-only access restricted to the namespaces it has been given.

      For a user "foo" to have view-only access to the bookinfo namespace only, we need to do the following:

      1. Create a "maistra-admin" ClusterRole and ClusterRoleBinding.
        For instance, with the rules below:
        apiVersion: rbac.authorization.k8s.io/v1
        kind: ClusterRole
        metadata:
          name: maistra-admin
          labels:
            rbac.authorization.k8s.io/aggregate-to-admin: "true"
        rules:
        - apiGroups: ["maistra.io"]
          resources: ["*"]
          verbs: ["get", "list", "watch"]
        - apiGroups: ["config.istio.io"]
          resources: ["*"]
          verbs: ["get", "list", "watch"]
        - apiGroups: ["networking.istio.io"]
          resources: ["*"]
          verbs: ["get", "list", "watch"]
        - apiGroups: ["authentication.istio.io"]
          resources: ["*"]
          verbs: ["get", "list", "watch"]
        - apiGroups: ["rbac.istio.io"]
          resources: ["*"]
          verbs: ["get", "list", "watch"]
        - apiGroups: ["authentication.maistra.io"]
          resources: ["*"]
          verbs: ["get", "list", "watch"]
        - apiGroups: ["rbac.maistra.io"]
          resources: ["*"]
          verbs: ["get", "list", "watch"]
        - apiGroups: ["security.istio.io"]
          resources: ["*"]
          verbs: ["get", "list", "watch"]
        ---
        apiVersion: rbac.authorization.k8s.io/v1
        kind: ClusterRoleBinding
        metadata:
          name: maistra-admin
        roleRef:
          kind: ClusterRole
          apiGroup: rbac.authorization.k8s.io
          name: maistra-admin
        
      2. Assign the created 'maistra-admin' role to the required OpenShift cluster user on the required namespace.
        For user 'foo' on the bookinfo namespace:
        oc adm policy add-role-to-user maistra-admin foo -n bookinfo
        

        If this step is skipped, the view-only user 'foo' will hit the linked OSSM issues on the Kiali side.

      3. Add the 'view' role to the user on the particular namespace.
        For instance, giving 'view' access to user 'foo' on the bookinfo namespace:
        oc adm policy add-role-to-user view foo -n bookinfo
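      The following is an added example, not code from this ticket or from the Kiali/Maistra projects: a small offline model of Kubernetes RBAC evaluation that checks what the three steps above actually grant. The "maistra-admin" rules are exactly the ticket's; the built-in "view" and "admin" ClusterRoles are reduced to a constructed subset of core resources (assumption), and the helper names (add_role_to_user, can_i, bookinfo_viewer_bindings) are hypothetical. It shows that user 'foo' can read Istio resources in bookinfo but cannot modify them, gets nothing in other namespaces, and that without step 2 the Istio resources are not readable at all.

```python
"""Added example (not from ticket OSSM-173): minimal offline model of Kubernetes
RBAC evaluation used to check the ticket's role bindings for user 'foo'."""

from dataclasses import dataclass, field

# API groups listed in the ticket's "maistra-admin" ClusterRole.
MAISTRA_GROUPS = [
    "maistra.io", "config.istio.io", "networking.istio.io",
    "authentication.istio.io", "rbac.istio.io", "authentication.maistra.io",
    "rbac.maistra.io", "security.istio.io",
]
READ_VERBS = frozenset({"get", "list", "watch"})
CORE_RESOURCES = frozenset({"pods", "services", "configmaps"})


@dataclass(frozen=True)
class Rule:
    api_groups: frozenset
    resources: frozenset
    verbs: frozenset


def _matches(allowed, value):
    """A rule entry of "*" matches anything, otherwise exact match."""
    return "*" in allowed or value in allowed


# ClusterRoles keyed by name. "maistra-admin" is the ticket's rule set;
# "view" and "admin" are constructed subsets of the real built-in roles
# (assumption: only a few core resources, read-only vs. all verbs).
CLUSTER_ROLES = {
    "maistra-admin": [Rule(frozenset({g}), frozenset({"*"}), READ_VERBS)
                      for g in MAISTRA_GROUPS],
    "view": [Rule(frozenset({""}), CORE_RESOURCES, READ_VERBS)],
    "admin": [Rule(frozenset({""}), CORE_RESOURCES, frozenset({"*"}))],
}


@dataclass
class RoleBinding:
    namespace: str       # the -n argument of add-role-to-user
    cluster_role: str    # roleRef.name (kind: ClusterRole)
    users: set = field(default_factory=set)


def add_role_to_user(bindings, role, user, namespace):
    """Model `oc adm policy add-role-to-user ROLE USER -n NAMESPACE`: it creates
    a namespaced RoleBinding whose roleRef points at the ClusterRole ROLE, so the
    grant is limited to NAMESPACE even though the role is cluster-scoped."""
    bindings.append(RoleBinding(namespace, role, {user}))


def can_i(bindings, user, verb, group, resource, namespace):
    """True if some binding in NAMESPACE grants USER (verb, group, resource).
    Mirrors the shape of `oc auth can-i VERB RESOURCE.GROUP -n NAMESPACE --as USER`."""
    for b in bindings:
        if b.namespace != namespace or user not in b.users:
            continue
        for rule in CLUSTER_ROLES.get(b.cluster_role, []):
            if (_matches(rule.api_groups, group)
                    and _matches(rule.resources, resource)
                    and _matches(rule.verbs, verb)):
                return True
    return False


def bookinfo_viewer_bindings(user="foo", namespace="bookinfo"):
    """Steps 2 and 3 of the ticket for one user on one namespace."""
    bindings = []
    add_role_to_user(bindings, "maistra-admin", user, namespace)
    add_role_to_user(bindings, "view", user, namespace)
    return bindings


if __name__ == "__main__":
    b = bookinfo_viewer_bindings()
    checks = [
        ("get", "networking.istio.io", "virtualservices", "bookinfo"),
        ("delete", "networking.istio.io", "virtualservices", "bookinfo"),
        ("get", "networking.istio.io", "virtualservices", "default"),
        ("list", "", "pods", "bookinfo"),
        ("delete", "", "pods", "bookinfo"),
    ]
    for verb, group, res, ns in checks:
        allowed = can_i(b, "foo", verb, group, res, ns)
        print(f"foo can {verb} {res}.{group or 'core'} in {ns}: {allowed}")
```

      On a real cluster the same checks are run with `oc auth can-i <verb> <resource>.<group> -n bookinfo --as foo`; the model above is only there to make the expected answers explicit before the bindings are applied. Binding the built-in 'admin' role instead of 'view' in step 3 would grant write verbs on the namespace's core resources, which is why the step uses 'view'.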
        

              rcernich1 Rob Cernich
              hhovsepy@redhat.com Hayk Hovsepyan