-
Feature Request
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
None
-
None
-
Product / Portfolio Work
-
None
-
False
-
-
None
-
None
-
None
-
-
None
-
None
-
None
-
None
-
None
While OLMv1 follows the principle of least privilege using service accounts with custom roles and bindings, there is no standard or reusable ClusterRole provided by Red Hat for common Operators. Each user has to independently determine minimal permissions, which leads to repetitive effort and potential misconfiguration. Red Hat should provide pre-defined, reusable ClusterRoles (like the example provided for OpenShift Pipelines) for its certified Operators.
Why does we need this?
- Saves time and reduces complexity during Operator onboarding.
- Encourages consistent and secure role definitions across environments.
- Reduces chances of misconfigured permissions that may cause Operator failure.
- Improves user experience and supports enterprise-grade RBAC standardization.