User roles mapping in Engineering Lifecycle Management on Hybrid Cloud
The following information describes the processes in Engineering Lifecycle Management on Hybrid Cloud and the user roles that are required to access them.
Red Hat® OpenShift® uses an identity provider to validate usernames and passwords against an LDAPv3 server by using simple bind authentication. You can set up an identity provider by following Configuring an LDAP identity provider. In Red Hat OpenShift, you can define and apply permissions at the cluster and project levels and bind the roles by using role-based access control (RBAC).
The following table lists the operations that are processed in Red Hat OpenShift and the user roles that they require. In the table, the letter X indicates the required user role for the operation.
| Operation | cluster-admin (cluster level) | admin (cluster level) | edit (cluster level) | admin (local level) | edit (local level) | view (local level) |
|---|---|---|---|---|---|---|
| Create the catalog source for the Engineering Lifecycle Management operator | X | X | X | X | X | |
| Create a project in the Red Hat OpenShift | X | X | X | X | X | |
| Install the Engineering Lifecycle Management operator | X | X | X | X | X | |
| Uninstall the Engineering Lifecycle Management operator | X | X | X | X | X | |
| Create the Engineering Lifecycle Management instance | X | | | | | |
| Modify the Engineering Lifecycle Management instance | X | | | | | |
| Delete the Engineering Lifecycle Management instance | X | | | | | |
| Create the Engineering Lifecycle Management Operation instance | X | | | | | |
| Create the Serviceability instance | X | | | | | |
Note:
- A user with an admin or edit role at the Red Hat OpenShift and Kubernetes project level can change the Engineering Lifecycle Management operator subscription channel and manage the Engineering Lifecycle Management operator version only by using the command line.
- A user with an admin or edit role at the project level can delete only the Engineering Lifecycle Management operator subscription, not the operator group, by using the uninstall Engineering Lifecycle Management operator or delete ClusterServiceVersion operations.
- A workaround is available to install or uninstall the Engineering Lifecycle Management operator by a user with an admin role that is assigned to the project. For more information about the workaround, see Configure RBAC in Different Stages so End-users can Interact with OperatorHub in the Console.