×

By default, any type of user, except the kube:admin user, logged into the default Argo CD instance does not have access to any services. But a user logged into a custom Argo CD instance is a read-only user by default.

In Red Hat OpenShift GitOps v1.9.0 or earlier versions, any type of user, except the kube:admin user, logged into Argo CD using Red Hat SSO (RH SSO) is a read-only user by default.

Configuring user level access

To manage and modify the user level access, configure the role-based access control (RBAC) section in the Argo CD custom resource (CR).

Procedure
  1. Edit the argocd CR:

    $ oc edit argocd [argocd-instance-name] -n [namespace]
    Output
    metadata
    ...
    ...
      rbac:
        policy: 'g, rbacsystem:cluster-admins, role:admin'
        scopes: '[groups]'
  2. Add the policy configuration to the rbac section and add the name and the desired role to be applied to the user:

    metadata
    ...
    ...
    rbac:
        policy: g, <name>, role:<admin>
        scopes: '[groups]'

Currently, RHSSO cannot read the group information of Red Hat OpenShift GitOps users. Therefore, configure the RBAC at the user level.