SRE Access to Azure Red hat OpenShift (ARO)
Environment
- Azure Red Hat OpenShift (ARO)
- 4
- OpenShift Managed (Azure)
- 4
- Red Hat OpenShift Cluster Manager (OCM)
- Red Hat Customer Portal
Issue
- For ARO JIT Access can SRE uses Tokens?
- What method of access do SRE use?
- In ARO can user's also use JIT Access?
- Could you share the Tokens used by SRE?
- Can users use same JIT tooling as SRE?
- Is ARO supported to use the JIW with Privileged Identity Management (PIM)?
Resolution
- SRE can access an ARO cluster by requesting an elevation of their permission through a JIT query.
- Not all accesses require JIT. Read only accesses do not require JIT, but they are all audited as all accesses are done via the ARO RP.
- Users cannot use JIT Tokens in ARO.
- Tooling used by SRE are confidential.
- Limitations of JIW with Privileged Identity Management in ARO context are unknown as of now.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments