Bug 2277779

Summary: UI blocking appuser from applying policy/Failover/Relocate for subscription applications
Product: [Red Hat Storage] Red Hat OpenShift Data Foundation
Reporter: avdhoot <asagare>
Component: documentation
Assignee: Erin Donnelly <edonnell>
Status: ASSIGNED ---
QA Contact: Neha Berry <nberry>
Severity: urgent
Docs Contact:
Priority: high
Version: 4.16
CC: aclewett, edonnell, odf-bz-bot
Target Milestone: ---
Flags: olakra: needinfo? (aclewett)
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description avdhoot 2024-04-29 14:20:15 UTC
Created attachment 2030051 [details]
drpolicy_restricted

Describe the issue:

The appusers created by following article[1] don't have permission
to apply drpolicy to their workloads.

With the current app user permission doc, the UI will block applying policy/Failover/Relocate for subscription applications. The app user needs one more extra permission to read DRPC from the discovered application namespace.


[1] https://access.redhat.com/articles/7048456 

Describe the task you were trying to accomplish:

Suggestions for improvement:

Update doc with permissions

Document URL:
https://access.redhat.com/articles/7048456 

Chapter/Section Number and Title:

Product Version:
OCP- 4.16
ODF 4.16

Environment Details:

Any other versions of this document that also needs this update:

Additional information:

Comment 4 avdhoot 2024-05-08 08:43:17 UTC
Used the below workaround to get access to drpolicy for assigning to workload (additional step).


1. Created openshift-dr-ops namespace on hub
2. Create drpc rolebinding to user.

"""
cat <<EOF | oc apply -f -
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: drplacementcontrols.ramendr.rolebinding
  namespace: openshift-dr-ops
subjects:
  - kind: User
    apiGroup: rbac.authorization.k8s.io
    name: {username}  # placeholder: replace with the app user name before applying
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: drplacementcontrols.ramendr.openshift.io-v1alpha1-view
EOF
"""
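
A check for the workaround above, as an added example that is not part of the bug report: it uses `oc auth can-i` with impersonation to confirm the user can read DRPCs in openshift-dr-ops and holds no write verbs there. It assumes a cluster-admin session on the hub and that the `-view` ClusterRole grants only get, list and watch; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the effective DRPC permissions of an app user on the hub.
# Assumptions: logged in as a cluster admin (needed for --as impersonation);
# the "-view" ClusterRole bound in the workaround grants get/list/watch only.
# Usage (after sourcing this file): audit_drpc_access <username>

NS="openshift-dr-ops"
RESOURCE="drplacementcontrols.ramendr.openshift.io"

# can_i VERB USER: prints "yes" or "no" (empty if the query itself failed)
can_i() {
  oc auth can-i "$1" "$RESOURCE" -n "$NS" --as "$2" 2>/dev/null || true
}

# granted_verbs USER VERB...: prints the subset of VERBs the user is allowed
granted_verbs() {
  user="$1"; shift
  granted=""
  for verb in "$@"; do
    if [ "$(can_i "$verb" "$user")" = "yes" ]; then
      granted="${granted:+$granted }$verb"
    fi
  done
  echo "$granted"
}

# audit_drpc_access USER: prints one verdict line
#   PASS          read verbs present, no write verbs
#   MISSING_READ  the UI will stay blocked for this user
#   EXCESS_WRITE  the user holds more than view access in this namespace
audit_drpc_access() {
  read_ok="$(granted_verbs "$1" get list watch)"
  write_ok="$(granted_verbs "$1" create update patch delete)"
  if [ "$read_ok" != "get list watch" ]; then
    echo "MISSING_READ granted='$read_ok'"
  elif [ -n "$write_ok" ]; then
    echo "EXCESS_WRITE granted='$write_ok'"
  else
    echo "PASS read-only access to DRPCs in $NS"
  fi
}
```

An EXCESS_WRITE verdict is not necessarily an error: it means some other binding gives the user write verbs on DRPCs in this namespace, which is worth reviewing against the permissions the article intends.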