mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
43 lines
1.6 KiB
Plaintext
43 lines
1.6 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * tutorials/dev-app-web-console.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="getting-started-web-console-granting-permissions_{context}"]
|
|
= Granting view permissions
|
|
|
|
[role="_abstract"]
|
|
Configure the necessary permissions for the application to access the required cluster resources.
|
|
|
|
{product-title} automatically creates several service accounts in every project. The `default` service account takes responsibility for running the pods. {product-title} uses and injects this service account into every pod that launches.
|
|
|
|
By default, the `default` service account has limited permissions to interact with the OpenShift API.
|
|
|
|
As a requirement of the application, you must assign the `view` role to the `default` service account to allow it to communicate with the OpenShift API to learn about pods, services, and resources within the project.
|
|
|
|
.Prerequisites
|
|
|
|
* You have `cluster-admin` or project-level `admin` privileges.
|
|
|
|
.Procedure
|
|
|
|
. Navigate to *User Management* -> *RoleBindings*.
|
|
. Click *Create binding*.
|
|
. In the *Name* field, enter `sa-user-account`.
|
|
. In the *Namespace* field, search for and select `user-getting-started`.
|
|
+
|
|
[IMPORTANT]
|
|
====
|
|
If you are using a different project, select the name of your project.
|
|
====
|
|
. In the *Role name* field, search for and select `view`.
|
|
. Under *Subject*, select `ServiceAccount`.
|
|
. In the *Subject namespace* field, search for and select `user-getting-started`.
|
|
+
|
|
[IMPORTANT]
|
|
====
|
|
If you are using a different project, select the name of your project.
|
|
====
|
|
. In the *Subject name* field, enter `default`.
|
|
. Click *Create*.
|