Uploaded image for project: 'Red Hat Advanced Cluster Security'
  1. Red Hat Advanced Cluster Security
  2. ROX-31092

Policy docs: missing explanation of "Minimum RBAC Permissions" meaning

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • 4.8.0
    • Documentation
    • None
    • Incidents & Support
    • False
    • Hide

      None

      Show
      None
    • False

      (This bug was reported by a customer via sluetzen )

      Current documentation (4.8) says:

      Match if the deployment’s Kubernetes service account has Kubernetes RBAC permission level equal to = or greater than > the specified level.

      And lists the options as one of:

      DEFAULT
      ELEVATED_IN_NAMESPACE
      ELEVATED_CLUSTER_WIDE
      CLUSTER_ADMIN

      While these field names provide a hint of what they are supposed to represent, the description lacks the actual explanation of those fields. For example is that a direct mapping to Kubernetes values, or it that synthesized by ACS to represent a more holistic evaluation, and if so, what the logic is.
       

              kcarmich@redhat.com Kerry Carmichael
              bmichael@redhat.com Boaz Michaely
              Steffen Lützenkirchen
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated: