Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 4. Authorization


4.1. Overview

This topic contains authorization tasks for application developers and their capabilities, as dictated by the cluster administrator.

4.2. Checking If Users Can Create Pods

Using the scc-review and scc-subject-review options, you can see if an individual user, or a user under a specific service account, can create or update a pod.

Using the scc-review option, you can check if a service account can create or update a pod. The command outputs the security context constraints that admit the resource.

For example, to check if a user with the system:serviceaccount:projectname:default service account can a create a pod:

$ oc policy scc-review -z system:serviceaccount:projectname:default -f my_resource.yaml

You can also use the scc-subject-review option to check whether a specific user can create or update a pod:

$ oc policy scc-subject-review -u <username> -f my_resource.yaml

To check if a user belonging to a specific group can create a pod in a specific file:

$ oc policy scc-subject-review -u <username> -g <groupname> -f my_resource.yaml

4.3. Determining What You Can Do as an Authenticated User

From within your OpenShift Container Platform project, you can determine what verbs you can perform against all namespace-scoped resources (including third-party resources).

The can-i command option tests scopes in terms of the user and role.

$ oc policy can-i --list --loglevel=8

The output helps you to determine what API request to make to gather the information.

To receive information back in a user-readable format, run:

$ oc policy can-i --list

The output provides a full list.

To determine if you can perform specific verbs, run:

$ oc policy can-i <verb> <resource>

User scopes can provide more information about a given scope. For example:

$ oc policy can-i <verb> <resource> --scopes=user:info
Red Hat logoGithubRedditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

© 2024 Red Hat, Inc.