openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
941d1310d486905245a9801e32d40bd3116cc160
openshift-docs/modules/oadp-self-service-overview.adoc
Shruti Deshpande 941d1310d4 OADP-4001 Self-Service 
Signed-off-by: Shruti Deshpande <shdeshpa@redhat.com>
2025-05-28 20:46:38 +00:00

48 lines
3.0 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// backup_and_restore/application_backup_and_restore/oadp-self-service/oadp-self-service.adoc
:_mod-docs-content-type: CONCEPT
[id="oadp-self-service-overview_{context}"]
= About {oadp-short} Self-Service
From {oadp-short} 1.5.0 onward, you do not need the `cluster-admin` role to perform the backup and restore operations. You can use {oadp-short} with the namespace `admin` role. The namespace `admin` role has administrator access only to the namespace the user is assigned to.
You can use the Self-Service feature only after the cluster administrator installs the {oadp-short} Operator and provides the necessary permissions.
The {oadp-short} Self-Service feature provides secure self-service data protection capabilities for users without `cluster-admin` privileges while maintaining proper access controls.
The {oadp-short} cluster administrator creates a user with the namespace `admin` role and provides the necessary Role Based Access Controls (RBAC) to the user to perform {oadp-short} Self-Service actions. As this user has limited access compared to the `cluster-admin` role, this user is referred to as a namespace admin user.
As a namespace admin user, you can back up and restore applications deployed in your authorized namespace on the cluster.
{oadp-short} Self-Service offers the following benefits:
* As a cluster administrator:
** You allow namespace-scoped backup and restore operations to a namespace admin user. This means, a namespace admin user cannot access a namespace that they are not authorized to.
** You keep administrator control over non-administrator operations through `DataProtectionApplication` configuration and policies.
* As a namespace admin user:
** You can create backup and restore custom resources for your authorized namespace.
** You can create dedicated backup storage locations in your authorized namespace.
** You have secure access to backup logs and status information.
[id="oadp-self-service-overview-namespace-scope_{context}"]
= What namespace-scoped backup and restore means
{oadp-short} Self-Service ensures that namespace admin users can only operate within their authorized namespace. For example, if you do not have access to a namespace, as a namespace admin user, you cannot back up that namespace.
A namespace admin user cannot access backup and restore data of other users.
The cluster administrator enforces the access control through custom resources (CRs) that securely manage the backup and restore operations.
Additionally, the cluster administrator can control the allowed options within the CRs, restricting certain operations for added security by using `spec` enforcements in the `DataProtectionApplication` (DPA) CR.
Namespace `admin` users can perform the following Self-Service operations:
* Create and manage backups of their authorized namespaces.
* Restore data to their authorized namespaces.
* Configure their own backup storage locations.
* Check backup and restore status.
* Request retrieval of relevant logs.
View Git Blame Copy Permalink