Users assigned the Project Owner or Member role on a project are able to create namespaces on any project, in the same cluster, to which they have access

This document (000020205) is provided subject to the disclaimer at the end of this document.

Situation

Issue

A user assigned the Project Owner or Member role on one project is able to create namespaces on any project, in the same cluster, to which they have access.

For example, if a user has been granted the Project Member role on a Project named Dev in a cluster, and the Read-only role on a project named Test in that cluster, they will be able to create namespaces on both the Dev and Test projects.

Pre-requisites

  • A cluster managed by Rancher v2.x
  • A user granted the Project Member or Owner role on one project, and access e.g. the Read-only role, on another project

Explanation

Per the caveat explanation in the Rancher v2.x documentation:

Users assigned the Owner or Member role for a project automatically inherit the namespace creation role. However, this role is a Kubernetes ClusterRole, meaning its scope extends to all projects in the cluster. Therefore, users explicitly assigned the owner or member role for a project can create namespaces in other projects they’re assigned to, even with only the Read Only role assigned.

Further Reading

Read more on Cluster and Project Roles in the Rancher v2.x. documentation.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020205
  • Creation Date: 06-May-2021
  • Modified Date:06-May-2021
    • SUSE Rancher

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center