-
Bug
-
Resolution: Done
-
Major
-
DO280 - OCP4.12-en-2-20230707
-
None
-
False
-
-
False
-
3
-
ROLE
-
-
-
en-US (English)
-
DO280 Sprint 1
Please fill in the following information:
| URL: | https://rol.redhat.com/rol/app/courses/do280-4.12/pages/ch03s04 |
| Reporter RHNID: | chetan-rhls |
| Section title: | RBAC |
| Language: | English |
Issue description : Ch03s04 and Ch10s02 has two different tasks to give admin role to a subject :
In the G.E. define and apply permissions, step 3.3 the command used to grant admin permisions is:
oc policy add-role-to-user admin username.
but in the comprehensive review the command used to again grant admin permissions is:
oc adm policy add-cluster-role-to-user admin username.
Can you explain how the same role is used once with add-cluster-role and other time is used with add-role?
and this command too:
oc adm policy add-role-to-user admin alice -n joe-project given in the offical doc https://docs.openshift.com/container-platform/3.11/admin_guide/manage_rbac.html#:~:text=Users%20with%20the%20cluster-admin,in%20the%20Evaluating%20Authorization%20section.
for both local and cluster role bindings we will use : oc adm policy ? or for locally we can use oc policy as well ?
Also, the "Admin" role is a project specific role as per the K8 docs or OpenShift docs and cluster-admin is a cluster wide super user role -right ? There is an ambiguity and learners often confuse about this - please help in clarifying this.
Please also take a look at : https://issues.redhat.com/browse/PTL-8710 for a similar confusion.
Steps to reproduce:
Workaround:
Expected result:
