This is a cache of https://docs.okd.io/4.7/authentication/impersonating-system-admin.html. It is a snapshot of the page at 2024-11-22T01:31:16.587+0000.
Impersonating the system:admin <strong>user</strong> | Authentication and authorization | OKD 4.7
×

API impersonation

You can configure a request to the OKD API to act as though it originated from another user. For more information, see user impersonation in the Kubernetes documentation.

Impersonating the system:admin user

You can grant a user permission to impersonate system:admin, which grants them cluster administrator permissions.

Procedure
  • To grant a user permission to impersonate system:admin, run the following command:

    $ oc create clusterrolebinding <any_valid_name> --clusterrole=sudoer --user=<username>

Impersonating the system:admin group

When a system:admin user is granted cluster administration permissions through a group, you must include the --as=<user> --as-group=<group1> --as-group=<group2> parameters in the command to impersonate the associated groups.

Procedure
  • To grant a user permission to impersonate a system:admin by impersonating the associated cluster administration groups, run the following command:

    $ oc create clusterrolebinding <any_valid_name> --clusterrole=sudoer --as=<user> \
    --as-group=<group1> --as-group=<group2>