openshift-docs/modules/understanding-admin-roles.adoc

// Module included in the following assemblies:
//
// * osd_cluster_admin/osd-admin-roles.adoc

:_mod-docs-content-type: CONCEPT
[id="understanding-admin-roles_{context}"]
= Understanding administration roles

== The cluster-admin role
As an administrator of an {product-title} cluster with Customer Cloud Subscriptions (CCS), you have access to the `cluster-admin` role. The user who created the cluster can add the `cluster-admin` user role to an account to have the maximum administrator privileges. These privileges are not automatically assigned to your user account when you create the cluster. While logged in to an account with the cluster-admin role, users have mostly unrestricted access to control and configure the cluster. There are some configurations that are blocked with webhooks to prevent destabilizing the cluster, or because they are managed in {cluster-manager-url} and any in-cluster changes would be overwritten. Usage of the cluster-admin role is subject to the restrictions listed in your Appendix 4 agreement with Red Hat. As a best practice, limit the number of `cluster-admin` users to as few as possible.


== The dedicated-admin role
As an administrator of an {product-title} cluster, your account has additional permissions and access to all user-created projects in your organization’s cluster. While logged in to an account with the `dedicated-admin` role, the developer CLI commands (under the `oc` command) allow you increased visibility and management capabilities over objects across projects, while the administrator CLI commands (under the `oc adm` command) allow you to complete additional operations.

[NOTE]
====
While your account does have these increased permissions, the actual cluster maintenance and host configuration is still performed by the OpenShift Operations Team.
====
// TODO: this is the only reference to the "OpenShift Operations Team". Should this be that SRE team?