Bug 1923869

Summary: [DOCS] Incorrect descriptions with Disabling access to a build strategy globally about removing subresources from clusterrole
Product: OpenShift Container Platform Reporter: yhe
Component: DocumentationAssignee: Kelly Brown <kelbrown>
Status: CLOSED CURRENTRELEASE QA Contact: Jitendar Singh <jitsingh>
Severity: medium Docs Contact: Latha S <lmurthy>
Priority: low    
Version: 4.6CC: aos-bugs, jokerman, lmurthy
Target Milestone: ---   
Target Release: 4.6.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-11-29 14:24:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description yhe 2021-02-02 06:14:07 UTC 
Document URL: 
https://docs.openshift.com/container-platform/4.6/builds/securing-builds-by-strategy.html#builds-disabling-build-strategy-globally_securing-builds-by-strategy

Section Number and Name: 
Disabling access to a build strategy globally
--> 3. Ensure the build strategy subresources are also removed from these roles:
    4. For each role, remove the line that corresponds to the resource of the strategy to disable.

Describe the issue: 
There is no builds/docker、builds/source、builds/jenkinspipeline subresources in clusterrole/admin or clusterrole/edit.

$ oc get clusterrole admin -o yaml | grep builds
  - builds/details
  - builds
  - builds
  - builds/log
  - builds/clone
  - builds

$ oc get clusterrole edit -o yaml | grep builds
  - builds/details
  - builds
  - builds
  - builds/log
  - builds/clone
  - builds

Suggestions for improvement: 
Revise the step 3 and step 4, if these steps are not necessary, delete them. 
By the way, it seems worth mentioning that the steps introduced in the document about disabling access to a build strategy globally only take effect on the non-cluster-admin users. A cluster-admin user can still start a build even if all build strategies are disabled globally.

Additional information:
Comment 2 Kelly Brown 2021-11-11 15:24:31 UTC 
PR for changes: https://github.com/openshift/openshift-docs/pull/38612
Comment 3 Kelly Brown 2021-11-29 14:24:28 UTC 
Updated changes in docs: https://docs.openshift.com/container-platform/4.9/cicd/builds/securing-builds-by-strategy.html#builds-disabling-build-strategy-globally_securing-builds-by-strategy