66 annotations :
77 authorization.openshift.io/system-only : " true"
88 openshift.io/description : A super-user that can perform any action in the cluster.
9- When granted to a user within a local policy , they have full control over
10- quota and roles and every action on every resource in the project.
9+ When granted to a user within a project , they have full control over quota
10+ and membership and can perform every action on every resource in the project.
1111 creationTimestamp : null
1212 name : cluster-admin
1313 rules :
@@ -496,11 +496,8 @@ items:
496496 kind : ClusterRole
497497 metadata :
498498 annotations :
499- openshift.io/description : A project manager. If used in a local binding, an
500- admin user will have rights to view any resource in the project and modify
501- any resource in the project except for role creation and quota. If the cluster-admin
502- wants to allow an admin to modify roles, the cluster-admin must create a project-scoped
503- Policy object.
499+ openshift.io/description : A user that has edit rights within the project and
500+ can change the project's membership.
504501 creationTimestamp : null
505502 name : admin
506503 rules :
@@ -908,8 +905,8 @@ items:
908905 kind : ClusterRole
909906 metadata :
910907 annotations :
911- openshift.io/description : A user that can modify most objects in a project,
912- but does not have the power to view or modify roles or bindings .
908+ openshift.io/description : A user that can create and edit most objects in a
909+ project, but can not update the project's membership .
913910 creationTimestamp : null
914911 name : edit
915912 rules :
@@ -1254,9 +1251,8 @@ items:
12541251 kind : ClusterRole
12551252 metadata :
12561253 annotations :
1257- openshift.io/description : A user who cannot make any modifications, but can
1258- see most objects in a project. They cannot view or modify roles or bindings
1259- or secrets.
1254+ openshift.io/description : A user who can view but not edit any resources within
1255+ the project. They can not view secrets or membership.
12601256 creationTimestamp : null
12611257 name : view
12621258 rules :
@@ -1639,6 +1635,8 @@ items:
16391635- apiVersion : v1
16401636 kind : ClusterRole
16411637 metadata :
1638+ annotations :
1639+ openshift.io/description : Grants the right to pull images from within a project.
16421640 creationTimestamp : null
16431641 name : system:image-puller
16441642 rules :
@@ -1652,6 +1650,9 @@ items:
16521650- apiVersion : v1
16531651 kind : ClusterRole
16541652 metadata :
1653+ annotations :
1654+ openshift.io/description : Grants the right to push and pull images from within
1655+ a project.
16551656 creationTimestamp : null
16561657 name : system:image-pusher
16571658 rules :
@@ -1666,6 +1667,9 @@ items:
16661667- apiVersion : v1
16671668 kind : ClusterRole
16681669 metadata :
1670+ annotations :
1671+ openshift.io/description : Grants the right to build, push and pull images from
1672+ within a project. Used primarily with service accounts for builds.
16691673 creationTimestamp : null
16701674 name : system:image-builder
16711675 rules :
@@ -1789,6 +1793,9 @@ items:
17891793- apiVersion : v1
17901794 kind : ClusterRole
17911795 metadata :
1796+ annotations :
1797+ openshift.io/description : Grants the right to deploy within a project. Used
1798+ primarily with service accounts for automated deployments.
17921799 creationTimestamp : null
17931800 name : system:deployer
17941801 rules :
0 commit comments