Merge pull request #86238 from fmcdonal/OSDOCS-12393

EricPonvelle · web-flow · commit 35c06fa89be3 · 2024-12-17T09:27:47.000-05:00
OSDOCS-12393: Approved Access updates for SRE access information
diff --git a/modules/rosa-red-hat-support-access.adoc b/modules/rosa-red-hat-support-access.adoc
@@ -14,20 +14,34 @@ Members of the Red{nbsp}Hat Customer Experience and Engagement (CEE) team typica
 
 | Role | Core namespace | Layered product namespace | Customer namespace | AWS account^*^
 
-|OpenShift SRE| Read: All
+|OpenShift SRE - Normal operations ^[1]^| Read: All
 
 Write: Very
 
-limited ^[1]^
+limited
 | Read: All
 
 Write: None
-| Read: None^[2]^
+| Read: None
 
 Write: None
-|Read: All ^[3]^
+|Read: None
+
+Write: None
+
+|OpenShift SRE - Elevated Access ^[2]^ (Gated by link:https://docs.openshift.com/rosa/support/approved-access.html[Approved Access])| Read: All
+
+Write: All
+
+| Read: All
 
-Write: All ^[3]^
+Write: All
+| Read: All
+
+Write: All
+|Read: All
+
+Write: All
 
 |CEE
 |Read: All
@@ -38,7 +52,7 @@ Write: None
 
 Write: None
 
-|Read: None^[2]^
+|Read: None
 
 Write: None
 
@@ -72,9 +86,9 @@ Write: None
 
 Write: None
 
-|Read: Limited^[4]^
+|Read: Limited ^[3]^
 
-Write: Limited^[4]^
+Write: Limited ^[3]^
 
 |Read: None
 
@@ -97,7 +111,6 @@ Write: None
 |===
 --
 1. Limited to addressing common use cases such as failing deployments, upgrading a cluster, and replacing bad worker nodes.
-2. Red{nbsp}Hat associates have no access to customer data by default.
-3. SRE access to the AWS account is an emergency procedure for exceptional troubleshooting during a documented incident.
-4. Limited to what is granted through RBAC by the Customer Administrator and namespaces created by the user.
+2. Elevated access gives SRE the access levels of a cluster-admin role. See link:https://docs.openshift.com/container-platform/4.17/authentication/using-rbac.html#default-roles_using-rbac[cluster roles] for more information.
+3. Limited to what is granted through RBAC by the Customer Administrator and namespaces created by the user.
 --
diff --git a/support/approved-access.adoc b/support/approved-access.adoc
@@ -9,7 +9,9 @@ endif::[]
 
 toc::[]
 
-Red{nbsp}Hat Site Reliability Engineering (SRE) typically does not require an elevated access to systems as part of normal operations to manage and support {product-title} clusters. In the unlikely event that SRE needs elevated access to systems, you can use the _Approved Access_ interface to review and _approve_ or _deny_ access to these systems.
+Red{nbsp}Hat Site Reliability Engineering (SRE) typically does not require elevated access to systems as part of normal operations to manage and support {product-title} clusters. Elevated access gives SRE the access levels of a cluster-admin role. See link:https://docs.openshift.com/container-platform/4.17/authentication/using-rbac.html#default-roles_using-rbac[cluster roles] for more information.
+
+In the unlikely event that SRE needs elevated access to systems, you can use the _Approved Access_ interface to review and _approve_ or _deny_ access to these systems.
 
 Elevated access requests to clusters on {product-rosa} clusters and the corresponding cloud accounts can be created by SRE either in response to a customer-initiated support ticket or in response to alerts received by SRE as part of the standard incident response process.
 
