User permission issues in multi-cluster management #4345
Labels
Comments
|
/area multicluster |
|
Mount the user template on a new platform that allows users to solve the issues above. apiVersion: iam.kubesphere.io/v1beta1
kind: RoleTemplate
metadata:
name: global-get-workspace
spec:
rules:
- apiGroups:
- '*'
resources:
- workspaces
verbs:
- get
- apiGroups:
- 'resources.kubesphere.io'
resources:
- '*'
verbs:
- get
- list
- watch
- apiGroups:
- 'iam.kubesphere.io'
resources:
- namespacemembers
- roles
verbs:
- get
- list
- watch
- apiGroups:
- '*'
resources:
- pods/exec
verbs:
- '*'
- apiGroups:
- 'apps'
resources:
- deployments
- statefulsets
- daemonsets
- replicasets
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- events
- limitranges
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- pods
- namespaces
- pods/log
- configmaps
- services
- endpoints
- persistentvolumeclaims
verbs:
- get |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
When the user role is "platform-regular" and the user is granted any permissions in the enterprise space, if there is a second cluster within a single enterprise space, the user cannot normally access projects under the second enterprise space.
Versions used(KubeSphere/Kubernetes)
KubeSphere: v4.1.2
Environment
aliyun ACK
The text was updated successfully, but these errors were encountered: