Bartosz Bierkowski - Low dose cloud

OpenShift Morsels: check your user’s permissions

On day #14 lets have a look how to discover what permissions are granted to our account.

In previous post  OpenShift Morsels: login as a service account I described how to login as service account and explore the cluster resources through its eyes. Today I would like to share how you can check quickly what permissions in the project you have.

The simplest approach to do that is to execute the command below

The OpenShift security model follows the one from Kubernetes (obviously). In the command you can ask if you are allowed to perform action (verb) on the resource.

Asking about specific action is now straightforward.

The answers, however, surprised me. What do you mean I can’t list deployment configs? Then I realised that I am still logged in as deployer service account and my actions are very limited.

In case of the deployer service account, we don’t have to much to do. This service account will not see any projects and you will not be able to switch to any of them, so you will have to explicitly specify the namespace when executing the command. In my case the project is called constellation.

After logging in as your personal user to minishift and executing the first command, you will see much longer list of permissions.

That is one of the ways to discover the permissions that are granted to your user. The good thing is that you get the final list of all permissions and then you can check if it does not grant too much. This is especially important if you use service account and want to make sure that only required permissions are granted.

Environment

The commands were executed using minishift and the following client/server versions of OpenShift.

Client:
oc v3.6.1+008f2d5
client kubernetes v1.6.1+5115d708d7
Server:
openshift v3.6.0+c4dd4cf
server kubernetes v1.6.1+5115d708d7

Newsletter

Thanks for reading the OpenShift morsels. To get updates about new articles, you can sign up to the newsletter below.

As a thank you message, you will also get access to OpenShift CLI CheatSheet listing most commonly used commands together with a short explanation.

Did you like the article?
Join the newsletter to receive notifications about new articles.
I respect your privacy.