Oc policy: Difference between revisions
Jump to navigation
Jump to search
(Created page with "=Internal= * oc =Overview= =Subcommands= ==add-role-to-user== <pre> oc policy add-role-to-user view system:serviceaccount:monitored-project:monitor-agent </pre>") |
|||
| (8 intermediate revisions by the same user not shown) | |||
| Line 7: | Line 7: | ||
=Subcommands= | =Subcommands= | ||
==add-role-to-user== | ==add-role-to-user== | ||
Add a <font color=red>local</font> [[OpenShift_Security_Concepts#Role|role]] - by creating a [[OpenShift_Security_Concepts#Binding|binding]] - to [[OpenShift_Security_Concepts#User|users]] or [[OpenShift_Security_Concepts#Service_Account|service accounts]], for the current project, or, if '-n' is used, for the specified project: | |||
oc policy add-role-to-user <''role-name''> <''user-name''|''service-account-name''> [-n <''project-name''>] | |||
oc policy add-role-to-user view system:serviceaccount:monitored-project:monitor-agent | |||
oc policy add-role-to-user edit system:serviceaccount:cicd:jenkins -n dev | |||
The last command adds a local binding in the dev project that gives the service account "cicd/jenkins" the role "edit" in project "dev". | |||
==add-role-to-group== | |||
<pre> | <pre> | ||
oc policy add-role-to- | oc policy add-role-to-group view system:serviceaccounts -n <some-project> | ||
</pre> | </pre> | ||
Latest revision as of 18:02, 1 November 2017
Internal
Overview
Subcommands
add-role-to-user
Add a local role - by creating a binding - to users or service accounts, for the current project, or, if '-n' is used, for the specified project:
oc policy add-role-to-user <role-name> <user-name|service-account-name> [-n <project-name>]
oc policy add-role-to-user view system:serviceaccount:monitored-project:monitor-agent
oc policy add-role-to-user edit system:serviceaccount:cicd:jenkins -n dev
The last command adds a local binding in the dev project that gives the service account "cicd/jenkins" the role "edit" in project "dev".
add-role-to-group
oc policy add-role-to-group view system:serviceaccounts -n <some-project>