Chapter 5. Revoking privileges and access to an OpenShift Dedicated cluster
As cluster owner, you can revoke admin privileges and user access to an OpenShift Dedicated cluster.
5.1. Revoking administrator privileges from a user
Follow the steps in this section to revoke dedicated-admin privileges from a user.
Prerequisites
- You logged in to OpenShift Cluster Manager.
- You created an OpenShift Dedicated cluster.
- You have configured a GitHub identity provider for your cluster and added an identity provider user.
- You granted dedicated-admin privileges to a user.
Procedure
- Navigate to OpenShift Cluster Manager and select your cluster.
- Click the Access control tab.
- In the Cluster Roles and Access tab, select next to a user and click Delete.
Verification
- After revoking the privileges, the user is no longer listed as part of the dedicated-admins group under Access control → Cluster Roles and Access on the OpenShift Cluster Manager page for your cluster.
5.2. Revoking user access to a cluster
You can revoke cluster access from an identity provider user by removing them from your configured identity provider.
You can configure different types of identity providers for your OpenShift Dedicated cluster. The following example procedure revokes cluster access for a member of a GitHub organization or team that is configured for identity provision to the cluster.
Prerequisites
- You have an OpenShift Dedicated cluster.
- You have a GitHub user account.
- You have configured a GitHub identity provider for your cluster and added an identity provider user.
Procedure
- Navigate to github.com and log in to your GitHub account.
- Remove the user from your GitHub organization or team:
  - If your identity provider configuration uses a GitHub organization, follow the steps in Removing a member from your organization in the GitHub documentation.
  - If your identity provider configuration uses a team within a GitHub organization, follow the steps in Removing organization members from a team in the GitHub documentation.
Verification
- After removing the user from your identity provider, the user cannot authenticate into the cluster.