Created attachment 2030051 [details] drpolicy_restricted Describe the issue: The appusers created by following article[1] doesn't have permission to apply drpolicy to its workloads. With the current app user permission doc, UI will blocking from applying policy/Failover/Relocate for subscription applications. App user need one more extra permission to read DRPC from the discovered application namespace. [1] https://access.redhat.com/articles/7048456 Describe the task you were trying to accomplish: Suggestions for improvement: Update doc with permissions Document URL: https://access.redhat.com/articles/7048456 Chapter/Section Number and Title: Product Version: OCP- 4.16 ODF 4.16 Environment Details: Any other versions of this document that also needs this update: Additional information:
Used Below Workaround to get access of drpolicy for assigning to workload(additional step). 1. Created openshift-dr-ops namespace on hub 2. Create drpc rolebinding to user. """ cat <<EOF | oc apply -f - kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: drplacementcontrols.ramendr.rolebinding namespace: openshift-dr-ops subjects: - kind: User apiGroup: rbac.authorization.k8s.io name: {username} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: drplacementcontrols.ramendr.openshift.io-v1alpha1-view EOF """