2

I would like to know how to list all the permissions that belong to a specific user/group.

I am using `oc describe clusterrolebinding | grep <user>`, but I don't think that is correct.

sloweriang

2 Answers

2

Yes you can check permissions for users or groups.

For listing users:

```
oc get users
```

For listing groups:

```
oc get groups
```

For a specific action/resource for a specific user:

```
oc auth can-i create configmap --as=<user>
```

To list all permissions for a specific user:

```
oc auth can-i --as=<user> --list
```

Same for groups, e.g.:

```
oc get groups
oc auth can-i --as-group=<group> --list
```
Sam
  • 1
    You might get `error: requesting uid, groups or user-extra for / without impersonating a user` if you specify `--as-group=` without also specifying `--as=` --> `oc auth can-i --as-group= --as= --list` – sastorsl Jan 23 '23 at 14:39
0

The OpenShift CLI has some commands that you can use to get your own permissions in OpenShift:

```
oc auth can-i --list
```

If you want to check if a certain user can perform a certain operation, you can use the following command:

```
oc policy who-can
# Example: oc policy who-can list pods
```
Simon
  • I think the `oc auth can-i --list` is the one I'm looking for, but can I run that command for another user? – sloweriang May 11 '22 at 06:50
  • The `--as` option can be used to check a user you would like. Here is the help from the oc command: `--as='': Username to impersonate for the operation. User could be a regular user or a service account in a namespace.` – hiroyukik May 11 '22 at 23:31
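
For an access review it also helps to see which bindings grant those permissions, which is what the `grep` in the question was reaching for. The following is an added example, not code from either answer: it matches subjects by kind and exact name in binding JSON, so `alice` does not also match `alice2` and a service account username is split into namespace and name. The function name `bindings_for` and every name in the sample data are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `oc get clusterrolebindings,rolebindings -A -o json`.
SAMPLE = {"items": [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "cluster-readers"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-reader"},
     "subjects": [{"kind": "Group", "name": "auditors"}]},
    {"kind": "RoleBinding", "metadata": {"name": "edit-0", "namespace": "shop"},
     "roleRef": {"kind": "ClusterRole", "name": "edit"},
     "subjects": [{"kind": "User", "name": "alice"}]},
    {"kind": "RoleBinding", "metadata": {"name": "admin-1", "namespace": "shop"},
     "roleRef": {"kind": "ClusterRole", "name": "admin"},
     "subjects": [{"kind": "User", "name": "alice2"}]},  # a grep for "alice" hits this too
    {"kind": "RoleBinding", "metadata": {"name": "builder-edit", "namespace": "shop"},
     "roleRef": {"kind": "Role", "name": "image-pusher"},
     "subjects": [{"kind": "ServiceAccount", "name": "builder", "namespace": "shop"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "orphan"},
     "roleRef": {"kind": "ClusterRole", "name": "view"}},  # binding with no subjects
]}


def bindings_for(doc, user=None, groups=()):
    """Return sorted (scope, binding, role) tuples for bindings naming the user or a group."""
    wanted = {("Group", None, g) for g in groups}
    if user and user.startswith("system:serviceaccount:"):
        # Bindings store a service account as kind + namespace + name, not the full username.
        _, _, ns, name = user.split(":", 3)
        wanted.add(("ServiceAccount", ns, name))
    elif user:
        wanted.add(("User", None, user))
    hits = set()
    for item in doc.get("items", []):
        meta, ref = item["metadata"], item["roleRef"]
        scope = "cluster-wide" if item["kind"] == "ClusterRoleBinding" else meta["namespace"]
        for s in item.get("subjects") or []:
            ns = s.get("namespace") if s["kind"] == "ServiceAccount" else None
            if (s["kind"], ns, s["name"]) in wanted:
                hits.add((scope, meta["name"], f'{ref["kind"]}/{ref["name"]}'))
    return sorted(hits)


if __name__ == "__main__":
    doc, user, groups = SAMPLE, "alice", ["auditors"]
    if len(sys.argv) > 2:
        with open(sys.argv[1]) as fh:
            doc, user, groups = json.load(fh), sys.argv[2], sys.argv[3:]
    for row in bindings_for(doc, user, groups):
        print(*row, sep="\t")
```

To run it against a cluster, save the output of `oc get clusterrolebindings,rolebindings -A -o json` to a file and pass the file, the user name and the user's groups as arguments; with no arguments it uses the sample.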