This repository has been archived by the owner on Jul 28, 2021. It is now read-only.

Restrict RBAC #47

Open
devstein opened this issue Feb 13, 2020 · 1 comment

@devstein
Contributor

In the current cluster-role-binding, the default ServiceAccount in the istio-system is given the cluster-admin role. Why is this necessary? What are the RBAC permissions required by the App Identity and Access Adapter?

@jpapejr

jpapejr commented Feb 17, 2020

Seems like it could be pared down to basic CRUD ops on the following api-resources:

```
jwtconfigs     security.cloud.ibm.com     true     JwtConfig
oidcconfigs    security.cloud.ibm.com     true     OidcConfig
policies       security.cloud.ibm.com     true     Policy
```
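
An added example, not part of the thread or of the project's own manifests: the binding the issue describes next to a role narrowed to the three resources listed in the comment above. All `metadata.name` values are hypothetical, the verb list is an assumed mapping of "basic CRUD ops", and the thread does not establish that these three resources are everything the adapter needs.

```yaml
# BEFORE (as described in the issue; shown for comparison only, do not apply):
# the default ServiceAccount in istio-system holds cluster-admin.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-adapter-admin-binding    # hypothetical name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: default
    namespace: istio-system
---
# AFTER: a ClusterRole limited to the adapter's custom resources.
# The resources are namespaced (third column above), so a ClusterRole bound
# cluster-wide lets the adapter reach them in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: example-adapter-crd-access       # hypothetical name
rules:
  - apiGroups: ["security.cloud.ibm.com"]
    resources: ["jwtconfigs", "oidcconfigs", "policies"]
    # Assumed mapping of "basic CRUD ops"; drop the write verbs if the
    # adapter turns out to only read these objects.
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-adapter-crd-access       # hypothetical name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: example-adapter-crd-access
subjects:
  - kind: ServiceAccount
    name: default                        # same subject as the binding in the issue
    namespace: istio-system
```

After swapping the bindings, `kubectl auth can-i --list --as=system:serviceaccount:istio-system:default` shows what the ServiceAccount can still do.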
