OpenShift Security Concepts: Difference between revisions
(→User) |
|||
Line 16: | Line 16: | ||
Most system users are created automatically when the infrastructure is defined, for the purpose of enabling the infrastructure to interact with the API securely. System users include: | Most system users are created automatically when the infrastructure is defined, for the purpose of enabling the infrastructure to interact with the API securely. System users include: | ||
===The Cluster Administrator=== | |||
The cluster administrator has access to everything. | |||
<font color=red>"system:admin"</font> | |||
===Per-Node User=== | |||
=Group= | =Group= |
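Review bot: the added `===Per-Node User===` heading has no body before the `=Group=` context line, so the section renders empty; add at least a one-line description or hold the heading back until there is content. The `"system:admin"` line under "The Cluster Administrator" is styled with `<font color=red>`, which is deprecated HTML, and nothing says what the string is; a short sentence stating that this is the cluster administrator's user name, with the value in code formatting, would read better and survive skin changes.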
Revision as of 20:03, 5 July 2017
External
Internal
User
Every interaction with OpenShift is associated with a user. Users are represented internally by a User object, which in turn represents an actor. Permissions are granted to actors in the system by adding roles to them or to their groups. There are several user types:
Regular User
Regular users are created upon login or via the API.
System User
Most system users are created automatically when the infrastructure is defined, for the purpose of enabling the infrastructure to interact with the API securely. System users include:
The Cluster Administrator
The cluster administrator has access to everything.
"system:admin"
Per-Node User
Group
Authentication
Authentication Methods
Identity Providers
Authorization
Security Context Constraints
OpenShift uses Security Context Constraints (SCCs) to control the actions that a pod can perform and what it can access.