Uploaded image for project: 'Product Technical Learning'
  1. Product Technical Learning
  2. PTL-10000

DO280 - RBAC admin role confusion for learners

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • DO280 - OCP4.12-en-2-20230707
    • DO280
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • 3
    • ROLE
    • en-US (English)
    • DO280 Sprint 1

      Please fill in the following information:


      URL: https://rol.redhat.com/rol/app/courses/do280-4.12/pages/ch03s04
      Reporter RHNID: chetan-rhls
      Section title: RBAC
      Language:       English                                                                  

      Issue description : Ch03s04 and Ch10s02 has two different tasks to give admin role to a subject : 

       

      In the G.E. define and apply permissions, step 3.3 the command used to grant admin permisions is:

      oc policy add-role-to-user admin username. 

      but in the comprehensive review the command used to again grant admin permissions is:

      oc adm policy add-cluster-role-to-user admin username.

      Can you explain how the same role is used once with add-cluster-role and other time is used with add-role?

      and this command too:

      oc adm policy add-role-to-user admin alice -n joe-project given in the offical doc https://docs.openshift.com/container-platform/3.11/admin_guide/manage_rbac.html#:~:text=Users%20with%20the%20cluster-admin,in%20the%20Evaluating%20Authorization%20section. 

      for both local and cluster role bindings we will use : oc adm policy ? or for locally we can use oc policy as well ?

      Also, the "Admin" role is a project specific role as per the K8 docs or OpenShift docs and cluster-admin is a cluster wide super user role -right ? There is an ambiguity and learners often confuse about this - please help in clarifying this. 

       

      Please also take a look at : https://issues.redhat.com/browse/PTL-8710 for a similar confusion. 

       

      Steps to reproduce:

       

      Workaround:

       

      Expected result:

              althomas@redhat.com Allen Thomas
              chetan-rhls Chetan Tiwary
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: