Document URL: https://docs.openshift.com/container-platform/4.6/builds/securing-builds-by-strategy.html#builds-disabling-build-strategy-globally_securing-builds-by-strategy Section Number and Name: Disabling access to a build strategy globally --> 3. Ensure the build strategy subresources are also removed from these roles: 4. For each role, remove the line that corresponds to the resource of the strategy to disable. Describe the issue: There is no builds/docker、builds/source、builds/jenkinspipeline subresources in clusterrole/admin or clusterrole/edit. $ oc get clusterrole admin -o yaml | grep builds - builds/details - builds - builds - builds/log - builds/clone - builds $ oc get clusterrole edit -o yaml | grep builds - builds/details - builds - builds - builds/log - builds/clone - builds Suggestions for improvement: Revise the step 3 and step 4, if these steps are not necessary, delete them. By the way, it seems worth mentioning that the steps introduced in the document about disabling access to a build strategy globally only take effect on the non-cluster-admin users. A cluster-admin user can still start a build even if all build strategies are disabled globally. Additional information:
PR for changes: https://github.com/openshift/openshift-docs/pull/38612
Updated changes in docs: https://docs.openshift.com/container-platform/4.9/cicd/builds/securing-builds-by-strategy.html#builds-disabling-build-strategy-globally_securing-builds-by-strategy