openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

adding updates as suggestedby CS for SRE access information in Approved Access

Browse Source 
fixing link in table for Approved Access

updated CS replies

updated numbers

removed number from CEE row in table
This commit is contained in:
Frances_McDonald
2024-12-12 18:20:31 +00:00
committed by openshift-cherrypick-robot
parent e19852ecd1
commit d87e9de65f
2 changed files with 27 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
modules/rosa-red-hat-support-access.adoc
View File

@@ -14,20 +14,34 @@ Members of the Red{nbsp}Hat Customer Experience and Engagement (CEE) team typica
| Role | Core namespace | Layered product namespace | Customer namespace | AWS account^*^
|OpenShift SRE| Read: All
|OpenShift SRE - Normal operations ^[1]^| Read: All
Write: Very
limited ^[1]^
limited
| Read: All
Write: None
| Read: None^[2]^
| Read: None
Write: None
|Read: All ^[3]^
|Read: None
Write: All ^[3]^
Write: None
|OpenShift SRE - Elevated Access ^[2]^ (Gated by link:https://docs.openshift.com/rosa/support/approved-access.html[Approved Access])| Read: All
Write: All
| Read: All
Write: All
| Read: All
Write: All
|Read: All
Write: All
|CEE
|Read: All
@@ -38,7 +52,7 @@ Write: None
Write: None
|Read: None^[2]^
|Read: None
Write: None
@@ -72,9 +86,9 @@ Write: None
Write: None
|Read: Limited^[4]^
|Read: Limited ^[3]^
Write: Limited^[4]^
Write: Limited ^[3]^
|Read: None
@@ -97,7 +111,6 @@ Write: None
|===
--
1. Limited to addressing common use cases such as failing deployments, upgrading a cluster, and replacing bad worker nodes.
2. Red{nbsp}Hat associates have no access to customer data by default.
3. SRE access to the AWS account is an emergency procedure for exceptional troubleshooting during a documented incident.
4. Limited to what is granted through RBAC by the Customer Administrator and namespaces created by the user.
2. Elevated access gives SRE the access levels of a cluster-admin role. See link:https://docs.openshift.com/container-platform/4.17/authentication/using-rbac.html#default-roles_using-rbac[cluster roles] for more information.
3. Limited to what is granted through RBAC by the Customer Administrator and namespaces created by the user.
--

4
support/approved-access.adoc
View File

@@ -9,7 +9,9 @@ endif::[]
toc::[]
Red{nbsp}Hat Site Reliability Engineering (SRE) typically does not require an elevated access to systems as part of normal operations to manage and support {product-title} clusters. In the unlikely event that SRE needs elevated access to systems, you can use the _Approved Access_ interface to review and _approve_ or _deny_ access to these systems.
Red{nbsp}Hat Site Reliability Engineering (SRE) typically does not require elevated access to systems as part of normal operations to manage and support {product-title} clusters. Elevated access gives SRE the access levels of a cluster-admin role. See link:https://docs.openshift.com/container-platform/4.17/authentication/using-rbac.html#default-roles_using-rbac[cluster roles] for more information.
In the unlikely event that SRE needs elevated access to systems, you can use the _Approved Access_ interface to review and _approve_ or _deny_ access to these systems.
Elevated access requests to clusters on {product-rosa} clusters and the corresponding cloud accounts can be created by SRE either in response to a customer-initiated support ticket or in response to alerts received by SRE as part of the standard incident response process.