6.6. 向用户添加角色

可以使用 oc adm 管理员 CLI 管理角色和绑定。

将角色绑定或添加到用户或组可让用户或组具有该角色授予的访问权限。您可以使用 oc adm policy 命令向用户和组添加和移除角色。

您可以将任何默认集群角色绑定到项目中的本地用户或组。

流程

向指定项目中的用户添加角色：
```
oc adm policy add-role-to-user <role> <user> -n <project>
```
```
$ oc adm policy add-role-to-user <role> <user> -n <project>
```
Copy to Clipboard Toggle word wrap
例如，您可以运行以下命令，将 admin 角色添加到 joe 项目中的 alice 用户：
```
oc adm policy add-role-to-user admin alice -n joe
```
```
$ oc adm policy add-role-to-user admin alice -n joe
```
Copy to Clipboard Toggle word wrap

查看本地角色绑定，并在输出中验证添加情况：

oc describe rolebinding.rbac -n <project>

$ oc describe rolebinding.rbac -n <project>

Copy to Clipboard

Toggle word wrap

例如，查看 joe 项目的本地角色绑定：

oc describe rolebinding.rbac -n joe

$ oc describe rolebinding.rbac -n joe
Name:         admin
Labels:       <none>
Annotations:  <none>
Role:
  Kind:  ClusterRole
  Name:  admin
Subjects:
  Kind  Name        Namespace
  ----  ----        ---------
  User  kube:admin


Name:         admin-0
Labels:       <none>
Annotations:  <none>
Role:
  Kind:  ClusterRole
  Name:  admin
Subjects:
  Kind  Name   Namespace
  ----  ----   ---------
  User  alice




Name:         system:deployers
Labels:       <none>
Annotations:  openshift.io/description:
                Allows deploymentconfigs in this namespace to rollout pods in
                this namespace.  It is auto-managed by a controller; remove
                subjects to disa...
Role:
  Kind:  ClusterRole
  Name:  system:deployer
Subjects:
  Kind            Name      Namespace
  ----            ----      ---------
  ServiceAccount  deployer  joe


Name:         system:image-builders
Labels:       <none>
Annotations:  openshift.io/description:
                Allows builds in this namespace to push images to this
                namespace.  It is auto-managed by a controller; remove subjects
                to disable.
Role:
  Kind:  ClusterRole
  Name:  system:image-builder
Subjects:
  Kind            Name     Namespace
  ----            ----     ---------
  ServiceAccount  builder  joe


Name:         system:image-pullers
Labels:       <none>
Annotations:  openshift.io/description:
                Allows all pods in this namespace to pull images from this
                namespace.  It is auto-managed by a controller; remove subjects
                to disable.
Role:
  Kind:  ClusterRole
  Name:  system:image-puller
Subjects:
  Kind   Name                                Namespace
  ----   ----                                ---------
  Group  system:serviceaccounts:joe

Copy to Clipboard

Toggle word wrap

1: alice 用户已添加到 admins RoleBinding。

返回顶部

6.6. 向用户添加角色

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links