How to add cluster-admin or dedicated-admin role to a group in OSD/ROSA

Solution Unverified - Updated -

Environment

  • Red Hat OpenShift Service on AWS (ROSA)
    • 4
  • Red Hat OpenShift Dedicated (OSD)
    • 4

Issue

  • Is it possible to add the cluster-admin or the dedicated-admin role to a group in OSD/ROSA?
  • From the OCM console or the rosa CLI, it's only possible to add the cluster-admin or the dedicated-admin role to a user, but not to a group.

Resolution

Disclaimer: Links contained herein to external website(s) are provided for convenience only. Red Hat has not reviewed the links and is not responsible for the content or its availability. The inclusion of any link to an external website does not imply endorsement by Red Hat of the website or their entities, products or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to your use of (or reliance on) the external site or content.

It's not possible to add roles to a group through the OCM console or the rosa CLI directly, but there are some workarounds:

Add a role to a list of users

Using the rosa CLI, a script can grant the permissions to several users by running the following command once per user:

$ rosa grant user [role_name] --user=[idp_user_name] --cluster=[cluster_name]

Refer to Granting cluster-admin access and Granting dedicated-admin access for additional information.
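The following POSIX shell script is an added example, not part of the original solution: it runs the rosa grant user command above once for every IdP user listed in a file. The function name grant_role_to_users, the ROSA_BIN variable (set to echo for a dry run) and the one-user-per-line file format are assumptions of this example.

```shell
#!/usr/bin/env sh
# Constructed example: grant one ROSA role (cluster-admin or dedicated-admin)
# to every IdP user listed in a file, one "rosa grant user" call per user.
# ROSA_BIN defaults to the real rosa binary; set ROSA_BIN=echo to dry-run
# and only print the commands that would be executed.
ROSA_BIN="${ROSA_BIN:-rosa}"

# Accept only the two roles that "rosa grant user" manages in OSD/ROSA.
validate_role() {
  case "$1" in
    cluster-admin|dedicated-admin) return 0 ;;
    *) echo "unsupported role: $1" >&2; return 1 ;;
  esac
}

# grant_role_to_users ROLE CLUSTER USERS_FILE
# USERS_FILE holds one IdP user name per line; blank lines and lines
# starting with '#' are skipped. Returns non-zero if any single grant
# failed, so a partially applied run is visible to the caller.
grant_role_to_users() {
  role="$1"; cluster="$2"; users_file="$3"
  validate_role "$role" || return 1
  [ -r "$users_file" ] || { echo "cannot read $users_file" >&2; return 1; }
  rc=0
  while IFS= read -r user || [ -n "$user" ]; do
    case "$user" in ''|'#'*) continue ;; esac
    "$ROSA_BIN" grant user "$role" --user="$user" --cluster="$cluster" || rc=1
  done < "$users_file"
  return $rc
}
```

Run it as, for example, `grant_role_to_users dedicated-admin my-cluster users.txt` after `rosa login`; with `ROSA_BIN=echo` it only prints the commands, which is a quick way to review the list before granting anything.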

Add a role to a group and sync the group

It's possible to add a role or a clusterrole to a group using the oc CLI:

$ oc adm policy add-role-to-group [role_name] [group_name]

$ oc adm policy add-cluster-role-to-group [role_name] [group_name]

Then sync the LDAP groups in OCP following the documentation for Syncing LDAP groups, so that group membership is kept in line with the IdP.

Note: The Group Sync Operator can also be used, but it is a community operator and is not supported by Red Hat.

Root Cause

It's not possible to add roles to a group through the OCM console or the rosa CLI because the group ownership is managed by OCM, but OCM cannot communicate with the IdP solution.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
