Description of problem: Granting a second user 'view' permissions in a project is forbidden Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Create a project 2. Create an application from the web console, i.e. https://github.com/openshift/nodejs-ex.git 3. Wait until the service is ready and the nodejs-sample-1 build have completed 4. Add the view role to the second user: oc policy add-role-to-user view user2 Actual results: Error from server (Forbidden): rolebindings "view" is forbidden: rolebindings to User "user2" are not allowed in project "v2w5c" Expected results: The user2 user could be granted view permissions Additional info:
Would you please get the output 'oc get rolebindingrestriction' in you project?
Are RoleBindingRestrictions being used in this environment? https://github.com/openshift/openshift-docs/blob/master/admin_solutions/user_role_mgmt.adoc#role-binding-restriction
so, the default in that environment is that you can only grant access to serviceaccounts in that project, not to other users