Delete access to a Red Hat OpenShift Service on AWS (ROSA) cluster using the rosa command line.

Revoking dedicated-admin access

Only the user who created the cluster can revoke access for dedicated-admin users.

Prerequisites
  • You have added an Identity Provider (IDP) to your cluster.

  • You have the IDP user name for the user whose privileges you are revoking.

  • You are logged in to the cluster.

Procedure
  1. Enter the following command to revoke access for a dedicated-admin:

    $ rosa revoke user dedicated-admin --user=<idp_user_name> --cluster=<cluster_name>

  2. Enter the following command to verify that your user no longer has dedicated-admin access. The user will not be listed in the output.

    $ oc get groups dedicated-admins

    A Forbidden error displays if a user without dedicated-admin privileges runs this command.

Revoking cluster-admin access

Only the user who created the cluster can revoke access for cluster-admin users.

Prerequisites
  • You have added an Identity Provider (IDP) to your cluster.

  • You have the IDP user name for the user whose privileges you are revoking.

  • You are logged in to the cluster.

Procedure
  1. Revoke the user's cluster-admin privileges:

    $ rosa revoke user --cluster=<cluster_name> --cluster-admins=<idp_user_name>

  2. Verify your user is no longer listed as a cluster-admin:

    $ rosa list users --cluster=<cluster_name>
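
The verification steps in both procedures can be scripted so that an offboarding job fails when a user is still listed. The following is an added example, not part of the original page or Red Hat's tooling. It assumes that rosa list users prints a header row followed by one row per user with the group names dedicated-admins and cluster-admins; the function names and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not Red Hat's code. Assumption: `rosa list users` prints a
# header row, then one "<user id> <groups>" row per user.

# Constructed sample listing (not real output) for offline checks.
SAMPLE_LISTING='ID          GROUPS
alice       cluster-admins
alice-ops   dedicated-admins
bob         dedicated-admins,cluster-admins'

# still_admin USER GROUP: reads a listing on stdin; returns 0 if USER is
# still in GROUP. Matches the ID column exactly, so "alice" does not match
# "alice-ops" the way a plain grep would.
still_admin() {
  awk -v u="$1" -v r="$2" '
    NR > 1 && $1 == u {
      for (i = 2; i <= NF; i++) {
        n = split($i, g, ",")
        for (j = 1; j <= n; j++) if (g[j] == r) found = 1
      }
    }
    END { exit (found ? 0 : 1) }'
}

# check_listing USER: reads a listing on stdin; returns 0 only if USER holds
# neither admin group, and reports each group that remains.
check_listing() {
  local user="$1" listing group rc=0
  listing="$(cat)"
  for group in dedicated-admins cluster-admins; do
    if printf '%s\n' "$listing" | still_admin "$user" "$group"; then
      echo "FAIL: $user is still in $group" >&2
      rc=1
    fi
  done
  return "$rc"
}

# verify_revoked USER CLUSTER: fetches the live listing. A failed listing
# (for example, an expired login) returns 2 and never counts as revoked.
verify_revoked() {
  local listing
  listing="$(rosa list users --cluster="$2")" || return 2
  printf '%s\n' "$listing" | check_listing "$1"
}
```

Run verify_revoked <idp_user_name> <cluster_name> after the revoke commands; an exit status of 0 means the user appears in neither admin group.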