We have some recent issues logged against this which are related to load and the number of projects which a user can view. This [1] is a high level document which may be of interest to you on how the permissions are generated and what constitutes an 'admin user'
[1] https://github.com/openshift/origin-aggregated-logging/blob/master/docs/access-control.md#role-definitions-and-permissions On Tue, Jul 16, 2019 at 11:05 AM Shane Ripley <[email protected]> wrote: > Greetings, I have a permissions issue with Kibana that I can't seem to > figure out. I've reviewed all the settings that I can think of, but nothing > seems to be wrong. > > The domains user is the admin of several projects, and up until recently, > was able to view logs in kibana for all of its projects. I have no idea > what changed, but now I can no longer view any logs. > > [security_exception] no permissions for [indices:data/read/search] and > User [name=domains .... > > > oc describe rolebinding.rbac -n domains-dev |more > > Name: admin > Labels: <none> > Annotations: <none> > Role: > Kind: ClusterRole > Name: admin > Subjects: > Kind Name Namespace > ---- ---- --------- > User domains > > I'm at a loss as to what to check next. Other users can view logs, so the > issue seems to be limited to just the domains user. > > I've redeployed the openshift-logging project and ouath/kibana pod but > that didn't seem to help. > > Thanks. > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > --
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
