public/rancher-docs
1
0
Fork 0
mirror of https://github.com/rancher/rancher-docs.git synced 2026-05-17 18:37:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

updating description of what users can do within projects after their cluster membership is revoked

Browse Source
This commit is contained in:
Mark Bishop
2018-09-07 11:02:59 -07:00
parent 3c5c631455
commit b379e47cba
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md
+3 -3
View File
@@ -137,9 +137,9 @@ You can change the cluster or project role(s) that are automatically assigned to
### Cluster Membership Revocation Behavior
When you revoke the cluster membership for a user that's explicitly assigned membership to both the cluster _and_ a project within the cluster, that user [loses their cluster roles](#clus-roles) but [retains their project roles](#proj-roles). In other words, although you have revoked the user's permissions to access the cluster and its nodes, the user can still access and manage:
When you revoke the cluster membership for a user that's explicitly assigned membership to both the cluster _and_ a project within the cluster, that user [loses their cluster roles](#clus-roles) but [retains their project roles](#proj-roles). In other words, although you have revoked the user's permissions to access the cluster and its nodes, the user can still:
- The projects they hold membership in.
- The namespaces that they've created.
- Access the projects they hold membership in.
- Exercise any [individual project roles](#project-role-reference) they are assigned.
This functionality is intended to prevent project and namespace owners from being locked out of their own projects and namespaces. If you want to completely revoke a user's access within a cluster, revoke both their cluster and project memberships.