To prevent access to a particular build strategy globally, log in as a user with cluster-admin privileges and remove the corresponding role from the system:authenticated group:
$ oadm policy remove-cluster-role-from-group system:build-strategy-custom system:authenticated
$ oadm policy remove-cluster-role-from-group system:build-strategy-docker system:authenticated
$ oadm policy remove-cluster-role-from-group system:build-strategy-source system:authenticated
$ oadm policy remove-cluster-role-from-group system:build-strategy-jenkinspipeline system:authenticated
In versions prior to 3.2, the build strategy subresources were included in the admin and edit roles.
Ensure the build strategy subresources are also removed from these roles:
$ oc edit clusterrole admin
$ oc edit clusterrole edit
For each role, remove the line that corresponds to the resource of the strategy to disable.
Example 1. Disable the Docker Build Strategy for admin
kind: ClusterRole
metadata:
  name: admin
...
rules:
- resources:
  - builds/custom
  - builds/docker (1)
  - builds/source
  ...
...
(1) Delete this line to disable Docker builds globally for users with the admin role.
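The manual edit above can also be checked and applied programmatically. The following is an added example, not part of the original documentation: it assumes the role has been exported as JSON (for instance with oc get clusterrole admin -o json), and the function names and the sample role are constructed for illustration. It reports which build strategy subresources a role still grants and returns an edited copy with one removed, dropping any rule that would be left with no resources.

```python
import copy
import json

# Strategy subresources shown in the page's example.
STRATEGY_RESOURCES = {"builds/custom", "builds/docker", "builds/source"}


def granted_strategies(role):
    """Return the sorted build strategy subresources a ClusterRole still grants."""
    found = set()
    for rule in role.get("rules") or []:
        found.update(STRATEGY_RESOURCES.intersection(rule.get("resources") or []))
    return sorted(found)


def disable_strategy(role, resource):
    """Return a copy of the role with `resource` removed from every rule.

    A rule left with no resources is dropped, so no empty rule remains.
    """
    if resource not in STRATEGY_RESOURCES:
        raise ValueError("not a build strategy subresource: %s" % resource)
    edited = copy.deepcopy(role)
    kept = []
    for rule in edited.get("rules") or []:
        resources = rule.get("resources")
        if resources and resource in resources:
            rule["resources"] = [r for r in resources if r != resource]
            if not rule["resources"]:
                continue  # rule granted only the disabled strategy
        kept.append(rule)
    edited["rules"] = kept
    return edited


# Constructed sample role (hypothetical), not output from a real cluster.
SAMPLE_ADMIN = json.loads("""
{"kind": "ClusterRole", "metadata": {"name": "admin"},
 "rules": [
   {"verbs": ["create"],
    "resources": ["builds/custom", "builds/docker", "builds/source"]},
   {"verbs": ["create"], "resources": ["builds/docker"]},
   {"verbs": ["get", "list"], "resources": ["builds", "buildconfigs"]}
 ]}
""")

if __name__ == "__main__":
    fixed = disable_strategy(SAMPLE_ADMIN, "builds/docker")
    print(granted_strategies(fixed))
    print(json.dumps(fixed, indent=2))
```

Running granted_strategies against both the admin and edit roles after the change confirms that the disabled strategy no longer appears in either.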