Extending the default access level for tenant members#
Bill as the cluster admin wants to extend the default access for tenant members. As an admin of an OpenShift Cluster, Bill can extend the admin, edit, and view ClusterRole using aggregation. Bill will first create a ClusterRole with privileges to resources which Bill wants to extend. Bill will add the aggregation label to the newly created ClusterRole for extending the default ClusterRoles provided by OpenShift.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: extend-view-role
labels:
rbac.authorization.k8s.io/aggregate-to-view: 'true'
rules:
- verbs:
- get
- list
- watch
apiGroups:
- user.openshift.io
resources:
- groups
Note: You can learn more about
aggregated-cluster-roleshere