As an administrator of an OpenShift Dedicated cluster with Customer Cloud Subscriptions (CCS), you have access to the
cluster-admin role. The user who created the cluster can add the
cluster-admin user role to an account to have the maximum administrator privileges. These privileges are not automatically assigned to your user account when you create the cluster. While logged in to an account with the cluster-admin role, users have mostly unrestricted access to control and configure the cluster. There are some configurations that are blocked with webhooks to prevent destabilizing the cluster, or because they are managed in OpenShift Cluster Manager (OCM) and any in-cluster changes would be overwritten. Usage of the cluster-admin role is subject to the restrictions listed in your Appendix 4 agreement with Red Hat. As a best practice, limit the number of
cluster-admin users to as few as possible.
As an administrator of an OpenShift Dedicated cluster, your account has additional permissions and access to all user-created projects in your organization’s cluster. While logged in to an account with the
dedicated-admin role, the developer CLI commands (under the
oc command) allow you increased visibility and management capabilities over objects across projects, while the administrator CLI commands (under the
oc adm command) allow you to complete additional operations.
While your account does have these increased permissions, the actual cluster maintenance and host configuration is still performed by the OpenShift Operations Team. If you would like to request a change to your cluster that you cannot perform using the administrator CLI, open a support case on the Red Hat Customer Portal.
Administrator roles are managed using a
dedicated-admin group on the cluster. Existing members of this group can edit membership through OpenShift Cluster Manager (OCM).
Navigate to the Cluster Details page and Access Control tab.
Click the Add user button (first user only).
Enter the user name and select the group.
Click the Add button.
Adding a user to the