7.3. Examples of granting roles to service accounts

You can grant roles to service accounts in the same way that you grant roles to a regular user account.

You can modify the service accounts for the current project. For example, to add the view role to the robot service account in the top-secret project:
```
$ oc policy add-role-to-user view system:serviceaccount:top-secret:robot
```
You can also grant access to a specific service account in a project. For example, from the project to which the service account belongs, use the -z flag and specify the <service_account_name>
```
$ oc policy add-role-to-user <role_name> -z <service_account_name>
```
重要
If you want to grant access to a specific service account in a project, use the -z flag. Using this flag helps prevent typos and ensures that access is granted to only the specified service account.
To modify a different namespace, you can use the -n option to indicate the project namespace it applies to, as shown in the following examples.
- For example, to allow all service accounts in all projects to view resources in the top-secret project:
```
$ oc policy add-role-to-group view system:serviceaccounts -n top-secret
```
- To allow all service accounts in the managers project to edit resources in the top-secret project:
```
$ oc policy add-role-to-group edit system:serviceaccounts:managers -n top-secret
```

Select Your Language