Cluster Role assigned to Group does not grant permissions assigned by Role
Issue
- After using LDAP Group Sync to generate Openshift based groups, users assigned to the group are not given the cluster-admin permission assigned by the role.
Used the LDAPSyncConfig with a groupUIDNameMapping in order to assign the openshift group "Administrators". Able to see the Administrators group inoc get groups
output, then attempted to assign the group the rolecluster-admin
with the following command:
# oc adm policy add-cluster-role-to-group cluster-admin Administrators
Environment
- OpenShift Container Platform
- 3.11
- 4.X
- LDAP
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.