This is a cache of https://docs.openshift.com/rosa/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-access-cluster.html. It is a snapshot of the page at 2024-11-29T03:05:02.828+0000.
Deleting access to a ROSA cluster - Deploying ROSA without AWS STS | Install ROSA Classic clusters | Red Hat OpenShift Service on AWS
×

Delete access to a Red Hat OpenShift Service on AWS (ROSA) cluster using the rosa command-line.

AWS Security Token Service (STS) is the recommended credential mode for installing and interacting with clusters on Red Hat OpenShift Service on AWS (ROSA) because it provides enhanced security.

Revoking dedicated-admin access using the ROSA cli

You can revoke access for a dedicated-admin user if you are the user who created the cluster, the organization administrator user, or the super administrator user.

Prerequisites
  • You have added an Identity Provider (IDP) to your cluster.

  • You have the IDP user name for the user whose privileges you are revoking.

  • You are logged in to the cluster.

Procedure
  1. Enter the following command to revoke the dedicated-admin access of a user:

    $ rosa revoke user dedicated-admin --user=<idp_user_name> --cluster=<cluster_name>
  2. Enter the following command to verify that your user no longer has dedicated-admin access. The output does not list the revoked user.

    $ oc get groups dedicated-admins

Revoking cluster-admin access using the ROSA cli

Only the user who created the cluster can revoke access for cluster-admin users.

Prerequisites
  • You have added an Identity Provider (IDP) to your cluster.

  • You have the IDP user name for the user whose privileges you are revoking.

  • You are logged in to the cluster.

Procedure
  1. Enter the following command to revoke the cluster-admin access of a user:

    $ rosa revoke user cluster-admins --user=myusername --cluster=mycluster
  2. Enter the following command to verify that the user no longer has cluster-admin access. The output does not list the revoked user.

    $ oc get groups cluster-admins