apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: <datavolume-cloner> (1)
rules:
- apiGroups: ["cdi.kubevirt.io"]
  resources: ["datavolumes/source"]
  verbs: ["*"]The isolating nature of namespaces means that users cannot by default clone resources between namespaces.
To enable a user to clone a virtual machine to another namespace, a
user with the cluster-admin role must create a new cluster role. Bind
this cluster role to a user to enable them to clone virtual machines
to the destination namespace.
Create a new cluster role that enables permissions for all actions for the datavolumes resource.
You have installed the OpenShift CLI (oc).
You must have cluster admin privileges.
| If you are a non-admin user that is an administrator for both the source and target namespaces, you can create a  | 
Create a ClusterRole manifest:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: <datavolume-cloner> (1)
rules:
- apiGroups: ["cdi.kubevirt.io"]
  resources: ["datavolumes/source"]
  verbs: ["*"]| 1 | Unique name for the cluster role. | 
Create the cluster role in the cluster:
$ oc create -f <datavolume-cloner.yaml> (1)| 1 | The file name of the ClusterRolemanifest created in the previous step. | 
Create a RoleBinding manifest that applies to both the source and destination namespaces and references
the cluster role created in the previous step.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: <allow-clone-to-user> (1)
  namespace: <Source namespace> (2)
subjects:
- kind: ServiceAccount
  name: default
  namespace: <Destination namespace> (3)
roleRef:
  kind: ClusterRole
  name: datavolume-cloner (4)
  apiGroup: rbac.authorization.k8s.io| 1 | Unique name for the role binding. | 
| 2 | The namespace for the source data volume. | 
| 3 | The namespace to which the data volume is cloned. | 
| 4 | The name of the cluster role created in the previous step. | 
Create the role binding in the cluster:
$ oc create -f <datavolume-cloner.yaml> (1)| 1 | The file name of the RoleBindingmanifest created in the previous step. |