openshift-docs/modules/oadp-self-service-namespace-permissions.adoc

// Module included in the following assemblies:
//
// backup_and_restore/application_backup_and_restore/oadp-self-service/oadp-self-service.adoc

:_mod-docs-content-type: REFERENCE
[id="oadp-self-service-namespace-permissions_{context}"]
= {oadp-short} Self-Service namespace permissions

As a cluster administrator, ensure that a namespace admin user has editor roles assigned for the following list of objects in their namespace. These objects ensure that a namespace admin user can perform the backup and restore operations in their namespace.

* `nonadminbackups.oadp.openshift.io`
* `nonadminbackupstoragelocations.oadp.openshift.io`
* `nonadminrestores.oadp.openshift.io`
* `nonadmindownloadrequests.oadp.openshift.io`

For more details on the namespace `admin` role, see link:https://docs.redhat.com/en/documentation/openshift_container_platform/{product-version}/html/authentication_and_authorization/using-rbac#default-roles_using-rbac[Default cluster roles].

A cluster administrator can also define their own specifications so that users can have rights similar to `project` or namespace `admin` roles.

[id="oadp-self-service-yaml-backup-operation_{context}"]
== Example RBAC YAML for backup operation

See the following RBAC YAML file example with namespace permissions for a namespace `admin` user to perform a backup operation.

.Example RBAC
[source,yaml]
----
...
- apiGroups:
      - oadp.openshift.io
    resources:
      - nonadminbackups
      - nonadminrestores
      - nonadminbackupstoragelocations
      - nonadmindownloadrequests
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - oadp.openshift.io
    resources:
      - nonadminbackups/status
      - nonadminrestores/status
    verbs:
      - get
----