|
| 1 | +:_mod-docs-content-type: ASSEMBLY |
| 2 | +[id="cloud-experts-getting-started-admin-rights"] |
| 3 | += Tutorial: Granting admin privileges |
| 4 | +include::_attributes/attributes-openshift-dedicated.adoc[] |
| 5 | +:context: cloud-experts-getting-started-admin-rights |
| 6 | + |
| 7 | +toc::[] |
| 8 | + |
| 9 | +//rosaworkshop.io content metadata |
| 10 | +//Brought into ROSA product docs 2023-11-30 |
| 11 | + |
| 12 | +Administration (admin) privileges are not automatically granted to users that you add to your cluster. If you want to grant admin-level privileges to certain users, you will need to manually grant them to each user. You can grant admin privileges from either the ROSA command line interface (CLI) or the Red Hat OpenShift Cluster Manager web user interface (UI). |
| 13 | + |
| 14 | +Red Hat offers two types of admin privileges: |
| 15 | + |
| 16 | +* `cluster-admin`: `cluster-admin` privileges give the admin user full privileges within the cluster. |
| 17 | +
|
| 18 | +* `dedicated-admin`: `dedicated-admin` privileges allow the admin user to complete most administrative tasks with certain limitations to prevent cluster damage. It is best practice to use `dedicated-admin` when elevated privileges are needed. |
| 19 | +
|
| 20 | +For more information on admin privileges, see the xref:../../rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc#rosa-create-cluster-admins_rosa-sts-accessing-cluster[administering a cluster] documentation. |
| 21 | + |
| 22 | +== Using the ROSA CLI |
| 23 | + |
| 24 | +. Assuming you are the user who created the cluster, run one of the following commands to grant admin privileges: |
| 25 | ++ |
| 26 | +* For `cluster-admin`: |
| 27 | ++ |
| 28 | +[source,terminal] |
| 29 | +---- |
| 30 | +$ rosa grant user cluster-admin --user <idp_user_name> --cluster=<cluster-name> |
| 31 | +---- |
| 32 | ++ |
| 33 | +* For `dedicated-admin`: |
| 34 | ++ |
| 35 | +[source,terminal] |
| 36 | +---- |
| 37 | +$ rosa grant user dedicated-admin --user <idp_user_name> --cluster=<cluster-name> |
| 38 | +---- |
| 39 | + |
| 40 | +. Verify that the admin privileges were added by running the following command: |
| 41 | ++ |
| 42 | +[source,terminal] |
| 43 | +---- |
| 44 | +$ rosa list users --cluster=<cluster-name> |
| 45 | +---- |
| 46 | ++ |
| 47 | +.Example output |
| 48 | ++ |
| 49 | +[source,terminal] |
| 50 | +---- |
| 51 | +$ rosa list users --cluster=my-rosa-cluster |
| 52 | +ID GROUPS |
| 53 | +<idp_user_name> cluster-admins |
| 54 | +---- |
| 55 | + |
| 56 | +. If you are currently logged into the Red Hat console, log out of the console and log back in to the cluster to see a new perspective with the "Administrator Panel". You might need an incognito or private window. |
| 57 | ++ |
| 58 | +image:cloud-experts-getting-started-admin-rights-admin-panel.png[] |
| 59 | + |
| 60 | +. You can also test that admin privileges were added to your account by running the following command. Only a `cluster-admin` users can run this command without errors. |
| 61 | ++ |
| 62 | +[source,terminal] |
| 63 | +---- |
| 64 | +$ oc get all -n openshift-apiserver |
| 65 | +---- |
| 66 | + |
| 67 | +== Using the Red Hat OpenShift Cluster Manager UI |
| 68 | + |
| 69 | +. Log in to the link:https://console.redhat.com/openshift[Red Hat OpenShift Cluster Manager console]. |
| 70 | +. Select your cluster. |
| 71 | +. Click the *Access Control* tab. |
| 72 | +. Click the *Cluster roles and Access* tab in the sidebar. |
| 73 | +. Click *Add user*. |
| 74 | ++ |
| 75 | +image::cloud-experts-getting-started-admin-rights-access-control.png[] |
| 76 | + |
| 77 | +. On the pop-up screen, enter the user ID. |
| 78 | +. Select whether you want to grant the user `cluster-admins` or `dedicated-admins` privileges. |
| 79 | ++ |
| 80 | +image::cloud-experts-getting-started-admin-rights-add-user2.png[] |
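Review bot: The verification step at line 60 only covers the `cluster-admin` path ("Only a `cluster-admin` users can run this command without errors"), so a reader who followed the `dedicated-admin` best practice stated at line 18 gets an error from the check with no indication that this is expected. State the expected result for `dedicated-admin` users at that step, and fix the grammar to "Only `cluster-admin` users". The example output at lines 51-53 also shows only `cluster-admins`. Because line 18 recommends `dedicated-admin`, consider listing that grant command before the `cluster-admin` one at lines 26-37, so the least-privileged option is the first one a reader copies. Smaller points: line 58 uses the inline macro `image:` while lines 75 and 80 use the block macro `image::`. The role is named `cluster-admin`/`dedicated-admin` in the intro and CLI steps but `cluster-admins`/`dedicated-admins` at line 78, which deserves a short explanation or consistent naming. Line 4 includes `attributes-openshift-dedicated.adoc` although the comment at line 10 and the xref at line 20 are ROSA-specific, so confirm that this is the intended attributes file.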