Hi We want to disable default project creation by authenticated users and let it delegate to a user. All users should to go a central provision system and ask for project, project quota, and provided admin/edit/viewers members. Once project was created, quota’s were setup and add appropriate admin/edit and viewers, authenticated user can create apps themselves. Essentially we want to control initial project, quota , project members
We don’t’ want to give cluster-admin and admin to this generic user being used by orchestration system and limit its capabilities by using OSE 3.x roles features. This is my understanding : oadm policy remove-cluster-role-from-group self-provisioner system:authenticated oadm policy add-cluster-role-to-user self-provisioner <robot user> Questions; What other roles needed by robot user to setup quotas on projects, add users to admin/edit and viewers to projects ?? oc describe clusterPolicyBindings :default command listing existing roles starting system-* but not sure which roles really required to perform above jobs. Can you help here? -- Srinivas Kotaru
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
