On Mon, Dec 18, 2017 at 5:17 AM, Yu Wei <[email protected]> wrote: > Hi, > > I have several questions about user and authorization management. > > 1, How could I remove user from project? > > > > > > > > > > > > > > > *[root@host-10-1-236-92 gpu-test]# oc login -u test1 -p test1 Login > successful. You have access to the following projects and can switch > between them with 'oc project <projectname>': * aura test1 Using > project "aura". [root@host-10-1-236-92 gpu-test]# oc project aura Already > on project "aura" on server "https://10.1.241.54:8443 > <https://10.1.241.54:8443>". [root@host-10-1-236-92 gpu-test]# oc get > rolebindings Error from server (Forbidden): User "test1" cannot list > rolebindings in project "aura"* > > How should I remove user "test1" from project "aura"? >
How did you get added to the "aura" project? If you can't view role bindings, then you likely don't have the "view" role and you have been given a more constrained role. You'd need to ask the person who added you in that case. > And how could I find which users belongs to project "aura"? > You can see which users have been added with explicit roles by doing "oc get rolebindings". You can see who can view the namespace by running "oc policy who-can get namespace aura" if you have sufficient permissions. > > 2, basic-user > > When should "basic-user" be used? It seems that basic-user is cluster > wide. Is my understanding right? > There are two types of role bindings - namespace scoped role bindings (rolebindings) and cluster scoped role bindings (clusterrolebindings). If you add someone to a clusterrolebinding they have that role on all namespaces in the cluster. If you add someone with a rolebinding, they only have that permission on the namespace the rolebinding is created in. > > 3, user created automatically > > When issues the instructions "oc login -u test2 -p test2", user > "test2" is to be created automatically. > > After user creation, which project does created user belong to? > None, unless you grant a clusterrolebinding to a group and the new user is in that group. > > Thanks, > > Jared, (韦煜) > Software developer > Interested in open source software, big data, Linux > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
