
Documentation - V-257513

V-257513

Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide

CAT I

Title

OpenShift role-based access controls (RBAC) must be enforced.

Description

Controlling and limiting users' access to system services and resources is key to securing the platform and limiting intentional or unintentional compromise of the system and its services. OpenShift provides a robust RBAC policy system that allows authorization policies to be as detailed as needed. Additionally, there are two layers of RBAC policies. The first is Cluster RBAC policies, with which administrators control who has what access to cluster-level services. The oth...

Fix Text (Documentation Requirement)

If users or groups exist that are bound to roles they must not have, modify the user or group permissions using the following cluster and local role binding commands:

Remove a user from a Cluster RBAC role by executing the following:

    oc adm policy remove-cluster-role-from-user <role> <username>

Remove a group from a Cluster RBAC role by executing the following:

    oc adm policy remove-cluster-role-from-group <role> <groupname>

Remove a user from a Local RBAC role by executing the following:

    oc adm policy remove-role-from-user <role> <username>

Remove a group from a Local RBAC role by executing the following:

    oc adm policy remove-role-from-group <role> <groupname>

Note: For additional information, refer to https://docs.openshift.com/co...
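
One way to turn a binding review into the removal commands above, as an added example that is not part of the STIG text: it reads binding data shaped like the output of `oc get clusterrolebindings,rolebindings -A -o json`, compares each user and group subject against an approved list, and prints the matching command without executing it. The sample bindings, the approved list and the function name are constructed for illustration; `-n` and `--role-namespace` are added so local bindings target the right project.

```python
import shlex

# Constructed sample, shaped like `oc get clusterrolebindings,rolebindings -A -o json`.
BINDINGS = {"items": [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "cluster-admins"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "platform-admins"},
                  {"kind": "User", "name": "alice"}]},
    {"kind": "RoleBinding", "metadata": {"name": "edit", "namespace": "payments"},
     "roleRef": {"kind": "ClusterRole", "name": "edit"},
     "subjects": [{"kind": "Group", "name": "contractors"},
                  {"kind": "ServiceAccount", "name": "builder", "namespace": "payments"}]},
    {"kind": "RoleBinding", "metadata": {"name": "deployer", "namespace": "payments"},
     "roleRef": {"kind": "Role", "name": "deployer"},
     "subjects": [{"kind": "User", "name": "bob"}]},
]}

# Hypothetical approved list: (role, subject kind, subject name, namespace or None).
APPROVED = {("cluster-admin", "Group", "platform-admins", None)}

def remediation_commands(bindings, approved):
    """Return the Fix Text removal command for every unapproved User/Group binding."""
    cmds = []
    for b in bindings["items"]:
        cluster = b["kind"] == "ClusterRoleBinding"
        ns = None if cluster else b["metadata"]["namespace"]
        role = b["roleRef"]["name"]
        for s in b.get("subjects") or []:  # "subjects" can be absent or null
            kind = s["kind"]
            if kind not in ("User", "Group"):
                continue  # the Fix Text commands cover users and groups only
            if (role, kind, s["name"], ns) in approved:
                continue
            verb = f"remove-{'cluster-' if cluster else ''}role-from-{kind.lower()}"
            cmd = ["oc", "adm", "policy", verb, role, s["name"]]
            if not cluster:
                cmd += ["-n", ns]
                if b["roleRef"]["kind"] == "Role":  # namespaced Role, not a ClusterRole
                    cmd.append(f"--role-namespace={ns}")
            cmds.append(shlex.join(cmd))
    return cmds

if __name__ == "__main__":
    print("\n".join(remediation_commands(BINDINGS, APPROVED)))  # review before running
```

Service account subjects are skipped because the Fix Text commands address users and groups only; review them separately.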
