Deleting access to a ROSA cluster
Delete access to an OpenShift Container Platform (ROSA) cluster using the rosa command line.
Tip
AWS Security Token Service (STS) is the recommended credential mode for installing and interacting with clusters on OpenShift Container Platform because it provides enhanced security.
Revoking dedicated-admin access using the ROSA CLI
You can revoke access for a dedicated-admin user if you are the user who created the cluster, the organization administrator user, or the super administrator user.
- You have added an Identity Provider (IDP) to your cluster.
- You have the IDP user name for the user whose privileges you are revoking.
- You are logged in to the cluster.
- Enter the following command to revoke the dedicated-admin access of a user:
  $ rosa revoke user dedicated-admin --user=<idp_user_name> --cluster=<cluster_name>
- Enter the following command to verify that your user no longer has dedicated-admin access. The output does not list the revoked user.
  $ oc get groups dedicated-admins
Revoking cluster-admin access using the ROSA CLI
Only the user who created the cluster can revoke access for cluster-admin users.
- You have added an Identity Provider (IDP) to your cluster.
- You have the IDP user name for the user whose privileges you are revoking.
- You are logged in to the cluster.
- Enter the following command to revoke the cluster-admin access of a user:
  $ rosa revoke user cluster-admins --user=myusername --cluster=mycluster
- Enter the following command to verify that the user no longer has cluster-admin access. The output does not list the revoked user.
  $ oc get groups cluster-admins
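
The two verification steps above can be scripted so that a revocation is confirmed against both admin groups with an exact user-name match. This is an added example, not part of the original documentation; the function names are hypothetical, and it assumes oc is logged in to the cluster and that both groups exist.

```sh
#!/bin/sh
# Added example: confirm a revoked IDP user is gone from both admin groups.
# Assumption: `oc` is already logged in to the cluster.

# list_contains USER "u1 u2 ..." -> exit 0 only if USER is an exact member.
# Exact matching matters: a substring search of the `oc get groups` table
# would report "alice" as still present when only "alice2" remains.
list_contains() (
    set -f                      # do not glob-expand user names
    for member in $2; do
        [ "$member" = "$1" ] && exit 0
    done
    exit 1
)

# group_users GROUP -> prints the space-separated members of an OpenShift group.
group_users() {
    oc get groups "$1" -o jsonpath='{.users[*]}'
}

# remaining_admin_groups USER -> prints every admin group that still lists USER
# (empty output means the user holds neither role).
# Returns 2 if a group cannot be read, so an unreadable group is never
# mistaken for a successful revocation.
remaining_admin_groups() {
    user=$1
    found=""
    for group in dedicated-admins cluster-admins; do
        members=$(group_users "$group") || {
            echo "cannot read group $group" >&2
            return 2
        }
        if list_contains "$user" "$members"; then
            found="$found $group"
        fi
    done
    echo "${found# }"
}

# Typical use after `rosa revoke user ...`:
#   remaining_admin_groups <idp_user_name>
```

A user who was granted both roles keeps administrative access until both revoke commands have been run, which is why the check covers both groups.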