Loading...

XML

Word

Printable

Type: Feature Request
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: Hosted Control Planes
Labels:
None

Target Version:
None
Activity Type:
Future Sustainability
Status Summary:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Products:
None
Hierarchy Progress Bar:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Review Complete:
None
PX Impact Score:
PX Impact Range:
None
PX Priority Data:
None
PX Technical Impact:
None
PX Technical Impact Notes:
None
PX Scheduling Request:
None

Fine-grained roles for hosted cluster resources

I propose that the hypershift operator comes with some pre-defined roles so that users can bind users, groups and service accounts to specific roles to achieve fine-grained RBAC to manage a fleet of hosted clusters.

For example, there should be 3 different roles that have difference access levels.

view
edit
admin

There could be different personas with these roles like:

hosted cluster viewer, editor, admin
nodepool viewer, editor, admin
etc

ACM is developing a unified way to manage remote cluster infrastructure resources such as OpenShift Virtualization VMs, hosted clusters, etc and having these pre-defined roles will help ACM and any individual that want to establish fine-grained RBAC for the users and admins in the organization.

is caused by

OCPSTRAT-2097 HCP Fine-Grained RBAC Roles to support ACM Central Management of HCP

Backlog

relates to

ACM-14714 As a cluster service provider, I want to create, update and delete hosted clusters from a remote hub

Assignee:: Ramon Acedo

Reporter:: Roke Jung

Need Info From:: None

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/03/19 6:31 PM

Updated:: 2025/06/27 10:36 AM

Target start:: None

Target end:: None

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates