One minute
OpenShift RBAC CLI
OCP has two groups, cluster roles and local roles.
Cluster Role - users or groups can manage the OCP Local Role - users or groups can only manage at project level
To see all cluster roles
$ oc get clusterroles
To add a cluster role to a user
$ oc adm policy add-cluster-role-to-user <cluster-role> <username>
To change a regular user to a cluster administrator
$ oc adm policy add-cluster-role-to-user cluster-admin <username>
To remove cluster role from a user
$ oc adm policy remove-cluster-role-from-user <cluster-role> <username>
To change cluster administrator to regular user
$ oc adm policy remove-cluster-role-from-user cluster-admin <username>
To add role to a user
$ oc adm policy add-role-to-user <role-name> <username> -n <project>
For cluster role bindings
$ oc get clusterrolebinding -o wide | grep -E 'NAME|<cluster_role_binding'
$ oc describe clusterrolebindings <cluster_role_binding>
$ oc adm policy remove-cluster-role-from-group <cluster_rome_binding> <virtual_group>
Groups:
To create group
$ oc adm groups new <group_name>
To add user to group
$ oc adm groups add-users <group_name> <username>
To review all groups
$ oc get groups
