
Chapter 9. Revoking access to a ROSA cluster


An identity provider (IDP) controls access to a Red Hat OpenShift Service on AWS (ROSA) cluster. To revoke a user's access to a cluster, you must configure that within the IDP that was set up for authentication.

9.1. Revoking administrator access using the ROSA CLI

You can revoke the administrator access of users so that they can access the cluster without administrator privileges. To remove the administrator access for a user, you must revoke the dedicated-admin or cluster-admin privileges. You can revoke the administrator privileges by using the Red Hat OpenShift Service on AWS (ROSA) CLI, rosa, or by using the OpenShift Cluster Manager console.

9.1.1. Revoking dedicated-admin access using the ROSA CLI

You can revoke access for a dedicated-admin user if you are the user who created the cluster, the organization administrator user, or the super administrator user.

Prerequisites

  • You have added an Identity Provider (IDP) to your cluster.
  • You have the IDP user name for the user whose privileges you are revoking.
  • You are logged in to the cluster.

Procedure

  1. Enter the following command to revoke the dedicated-admin access of a user:

    $ rosa revoke user dedicated-admin --user=<idp_user_name> --cluster=<cluster_name>

  2. Enter the following command to verify that your user no longer has dedicated-admin access. The output does not list the revoked user.

    $ oc get groups dedicated-admins

9.1.2. Revoking cluster-admin access using the ROSA CLI

Only the user who created the cluster can revoke access for cluster-admin users.

Prerequisites

  • You have added an Identity Provider (IDP) to your cluster.
  • You have the IDP user name for the user whose privileges you are revoking.
  • You are logged in to the cluster.

Procedure

  1. Enter the following command to revoke the cluster-admin access of a user:

    $ rosa revoke user cluster-admins --user=myusername --cluster=mycluster

  2. Enter the following command to verify that the user no longer has cluster-admin access. The output does not list the revoked user.

    $ oc get groups cluster-admins
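
The verification steps in 9.1.1 and 9.1.2 can be scripted so that a failed query or a similar user name is not mistaken for a successful revocation. The following is an added example, not part of the Red Hat documentation; the names user_listed, verify_revoked and SAMPLE_OUTPUT are hypothetical, and it assumes that oc get groups prints a NAME/USERS table with comma-separated users.

```shell
# Constructed sample of `oc get groups dedicated-admins` output (assumed format).
SAMPLE_OUTPUT='NAME               USERS
dedicated-admins   alice, bob.smith'

# Reads `oc get groups` table output on stdin.
# Returns 0 if user $1 is listed as a member of group $2, 1 otherwise.
user_listed() {
  awk -v user="$1" -v group="$2" '
    NR == 1 { next }                        # skip the NAME / USERS header
    $1 == group && NF >= 2 {                # NF < 2 means the group is empty
      line = $0
      sub(/^[^ \t]+[ \t]+/, "", line)       # drop the NAME column
      n = split(line, members, /,[ \t]*/)   # USERS is comma-separated
      for (i = 1; i <= n; i++) {
        gsub(/^[ \t]+|[ \t]+$/, "", members[i])
        if (members[i] == user) found = 1   # whole-name match, not substring
      }
    }
    END { exit(found ? 0 : 1) }
  '
}

# Checks both administrator groups for user $1 (requires a logged-in oc session).
# Returns 0 if the user is absent from both, 1 if still listed, 2 if a query failed.
verify_revoked() {
  vr_user="$1"
  vr_rc=0
  for vr_group in dedicated-admins cluster-admins; do
    # A failed query is inconclusive and must not be read as "user absent".
    vr_out=$(oc get groups "$vr_group") || {
      echo "query failed for group $vr_group" >&2
      return 2
    }
    if printf '%s\n' "$vr_out" | user_listed "$vr_user" "$vr_group"; then
      echo "still listed: $vr_user in $vr_group" >&2
      vr_rc=1
    fi
  done
  return "$vr_rc"
}

# Demo on the constructed sample: "bob" is not a member, although "bob.smith" is.
printf '%s\n' "$SAMPLE_OUTPUT" | user_listed bob dedicated-admins \
  || echo "bob: not listed in dedicated-admins"
```

After running the rosa revoke commands, call verify_revoked with the IDP user name; a return status of 2 means the check could not be completed and should be repeated after logging in to the cluster.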

9.2. Revoking administrator access using OpenShift Cluster Manager console

You can revoke the dedicated-admin or cluster-admin access of users through OpenShift Cluster Manager console. Users will be able to access the cluster without administrator privileges.

Prerequisites

  • You have added an Identity Provider (IDP) to your cluster.
  • You have the IDP user name for the user whose privileges you are revoking.
  • You are logged in to the OpenShift Cluster Manager console using the OpenShift Cluster Manager account that you used to create the cluster, or as the organization administrator user or the super administrator user.

Procedure

  1. On the Clusters tab of OpenShift Cluster Manager, select the name of your cluster to view the cluster details.
  2. Select Access control > Cluster Roles and Access.
  3. For the user that you want to remove, click the Options menu (kebab icon) to the right of the user and group combination and click Delete.
© 2024 Red Hat, Inc.