6.6. 向用户添加角色
可以使用 oc adm 管理员 CLI 管理角色和绑定。
将角色绑定或添加到用户或组可让用户或组具有该角色授予的访问权限。您可以使用 oc adm policy 命令向用户和组添加和移除角色。
您可以将任何默认集群角色绑定到项目中的本地用户或组。
流程
向指定项目中的用户添加角色:
$ oc adm policy add-role-to-user <role> <user> -n <project>
例如,您可以运行以下命令,将
admin角色添加到joe项目中的alice用户:$ oc adm policy add-role-to-user admin alice -n joe
查看本地角色绑定,并在输出中验证添加情况:
$ oc describe rolebinding.rbac -n <project>
例如,查看
joe项目的本地角色绑定:$ oc describe rolebinding.rbac -n joe Name: admin Labels: <none> Annotations: <none> Role: Kind: ClusterRole Name: admin Subjects: Kind Name Namespace ---- ---- --------- User kube:admin Name: admin-0 Labels: <none> Annotations: <none> Role: Kind: ClusterRole Name: admin Subjects: Kind Name Namespace ---- ---- --------- User alice 1 Name: system:deployers Labels: <none> Annotations: openshift.io/description: Allows deploymentconfigs in this namespace to rollout pods in this namespace. It is auto-managed by a controller; remove subjects to disa... Role: Kind: ClusterRole Name: system:deployer Subjects: Kind Name Namespace ---- ---- --------- ServiceAccount deployer joe Name: system:image-builders Labels: <none> Annotations: openshift.io/description: Allows builds in this namespace to push images to this namespace. It is auto-managed by a controller; remove subjects to disable. Role: Kind: ClusterRole Name: system:image-builder Subjects: Kind Name Namespace ---- ---- --------- ServiceAccount builder joe Name: system:image-pullers Labels: <none> Annotations: openshift.io/description: Allows all pods in this namespace to pull images from this namespace. It is auto-managed by a controller; remove subjects to disable. Role: Kind: ClusterRole Name: system:image-puller Subjects: Kind Name Namespace ---- ---- --------- Group system:serviceaccounts:joe- 1
alice用户已添加到adminsRoleBinding。
