openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 03:47:04 +01:00
Code Issues Releases Activity
Files
enterprise-4.21
openshift-docs/support/approved-access.adoc
Andrea Hoffer 22ecbb3d18 OSDOCS#17381: Adding blank lines after includes
2025-11-20 17:24:32 +00:00

33 lines
2.4 KiB
Plaintext
Raw Permalink Blame History

:_mod-docs-content-type: ASSEMBLY
[id="approved-access"]
= Approved Access
include::_attributes/common-attributes.adoc[]
ifdef::openshift-dedicated[]
include::_attributes/attributes-openshift-dedicated.adoc[]
endif::[]
:context: approved-access
toc::[]
Red{nbsp}Hat Site Reliability Engineering (SRE) typically does not require elevated access to systems as part of normal operations to manage and support {product-title} clusters. Elevated access gives SRE the access levels of a cluster-admin role. See link:https://docs.openshift.com/container-platform/latest/authentication/using-rbac.html#default-roles_using-rbac[cluster roles] for more information.
In the unlikely event that SRE needs elevated access to systems, you can use the _Approved Access_ interface to review and _approve_ or _deny_ access to these systems.
Elevated access requests to clusters on {product-rosa} clusters and the corresponding cloud accounts can be created by SRE either in response to a customer-initiated support ticket or in response to alerts received by SRE as part of the standard incident response process.
When _Approved Access_ is enabled and an SRE creates an access request, _cluster owners_ receive an email notification informing them of a new access request. The email notification contains a link allowing the cluster owner to quickly approve or deny the access request. You must respond in a timely manner otherwise there is a risk to your SLA for {product-rosa}.
* If customers require additional users that are not the cluster owner to receive the email, they can xref:../rosa_cluster_admin/rosa-cluster-notifications.adoc#add-notification-contact_rosa-cluster-notifications[add notification cluster contacts].
* Pending access requests are available in the {hybrid-console-second} on the clusters list or *Access Requests* tab on the cluster overview for the specific cluster.
[NOTE]
====
Denying an access request requires you to complete the *Justification* field. In this case, SRE can not directly act on the resources related to the incident. Customers can still use the link:https://access.redhat.com/support/cases/#/case/list[*Customer Support*] to help investigate and resolve any issues.
====
include::modules/support-submitting-a-case-enable-approved-access.adoc[leveloffset=+1]
include::modules/support-reviewing-an-access-request-from-an-email-notification.adoc[leveloffset=+1]
include::modules/support-reviewing-an-access-request-from-the-hybrid-console.adoc[leveloffset=+1]
View Git Blame Copy Permalink