$ rosa revoke user dedicated-admin --user=<idp_user_name> --cluster=<cluster_name>
An identity provider (IDP) controls access to a Red Hat OpenShift Service on AWS (ROSA) cluster. To revoke access of a user to a cluster, you must configure that within the IDP that was set up for authentication.
You can revoke the administrator access of users so that they can access the cluster without administrator privileges. To remove the administrator access for a user, you must revoke the dedicated-admin
or cluster-admin
privileges. You can revoke the administrator privileges using the Red Hat OpenShift Service on AWS (ROSA) CLI, rosa
, or using OpenShift Cluster Manager console.
dedicated-admin
access using the ROSA CLIYou can revoke access for a dedicated-admin
user if you are the user who created the cluster, the organization administrator user, or the super administrator user.
You have added an Identity Provider (IDP) to your cluster.
You have the IDP user name for the user whose privileges you are revoking.
You are logged in to the cluster.
Enter the following command to revoke the dedicated-admin
access of a user:
$ rosa revoke user dedicated-admin --user=<idp_user_name> --cluster=<cluster_name>
Enter the following command to verify that your user no longer has dedicated-admin
access. The output does not list the revoked user.
$ oc get groups dedicated-admins
cluster-admin
access using the ROSA CLIOnly the user who created the cluster can revoke access for cluster-admin
users.
You have added an Identity Provider (IDP) to your cluster.
You have the IDP user name for the user whose privileges you are revoking.
You are logged in to the cluster.
Enter the following command to revoke the cluster-admin
access of a user:
$ rosa revoke user cluster-admins --user=myusername --cluster=mycluster
Enter the following command to verify that the user no longer has cluster-admin
access. The output does not list the revoked user.
$ oc get groups cluster-admins
You can revoke the dedicated-admin
or cluster-admin
access of users through OpenShift Cluster Manager console. Users will be able to access the cluster without administrator privileges.
You have added an Identity Provider (IDP) to your cluster.
You have the IDP user name for the user whose privileges you are revoking.
You are logged in to OpenShift Cluster Manager console using an OpenShift Cluster Manager account that you used to create the cluster, the organization administrator user, or the super administrator user.
On the Cluster List tab of OpenShift Cluster Manager, select the name of your cluster to view the cluster details.
Select Access control > Cluster Roles and Access.
For the user that you want to remove, click the Options menu to the right of the user and group combination and click Delete.