Cluster-scoped permissions required by the Automation assets operator
The Automation foundation assets operator (Automation assets add-on) requires the following cluster-scoped permissions:
| API group | Resources | Methods | Permission | Usage |
|---|---|---|---|---|
| admissionregistration.k8s.io | validatingwebhookconfigurations | create, delete, get, list, patch, update, watch | Manage admission webhooks | The Automation assets operator uses admission webhooks to provide immediate validation and feedback about the creation and modification of Automation assets instances. The permission to manage webhooks is required for the operator to register these actions. |
| storage.k8s.io | storageclasses | get, list, watch | List storage classes | Allows the Automation assets operator to validate that the storage classes specified by the user exist. |
| config.openshift.io | clusterversions | list, get | List cluster versions | The Automation assets operator requires access to the OpenShift cluster version so it can detect what version of OpenShift the user is running and give guidance on compatible versions. |
An empty value ("") in the API group column indicates that the permission is a core resource.