Checking who can perform certain actions in OpenShift cluster
Issue
- Someone deleted a deployment configuration, project, namespace, etc
- Please help us find out who modified one of the projects
- How do I know who can make changes to my project?
- Can I check audit logging retroactively?
- When trying to prune it fails with error:
# oc --token=$(oc sa get-token registry) adm prune images
Error from server (Forbidden): pods is forbidden: User "system:serviceaccount:default:registry" cannot list pods at the cluster scope: no RBAC policy matched
Environment
- Red Hat OpenShift Container Platform
- 3.X
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.