How to configure RBAC for Office365? #11308
alessandroderoma asked this question in Q&A (unanswered)
I'm using ArgoCD 2.5.2 in an AKS cluster.
I set up SAML authentication as described here and it's working; I can now give Office365 users access to the application without using the admin user.
My issue is that even if I provided the RBAC configuration as described in the "Configure Argo to use the new Azure AD enterprise app" section, it seems it's being ignored.
I created two groups, "Cluster Viewers" (id `4984e4f5-0000-0000-0000-000000000000`) and "Cluster Administrators" (id `f6098101-0000-0000-0000-000000000000`), then I defined my own policy based on the one above, giving just administrators the rights to operate on the cluster, leaving other groups in readonly mode by default policy:
I then added my user to the "cluster viewers" group leaving the "cluster administrators" group empty; in my understanding "cluster viewers" should get the `role:readonly` as per default policy but I logged into ArgoCD via SAML and I can do whatever I want on the cluster (create/delete apps, sync, refresh, etc).
If I go to ArgoCD's "User Info" page I see:
As you can see, in my groups there is no `f6098101-0000-0000-0000-000000000000`, which should be the only group to get full read/write rights, so I feel I should really only be able to see applications without editing/syncing/other operations.
Am I missing something here?
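The intent described in the post above, written out as an `argocd-rbac-cm` ConfigMap. This is an added example, not the poster's actual configuration (which is not shown on the page); the `argocd` namespace is an assumption and the group IDs are the ones quoted in the post.

```yaml
# Added example: read-only by default, admin only for one Azure AD group.
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
  namespace: argocd            # assumption: Argo CD's install namespace
  labels:
    app.kubernetes.io/name: argocd-rbac-cm
    app.kubernetes.io/part-of: argocd
data:
  # Role applied to any authenticated user that no rule in policy.csv matches.
  policy.default: role:readonly
  # Claims whose values are matched against the "g" subjects below.
  # '[groups]' is the default; it is spelled out here so the mapping is explicit.
  scopes: '[groups]'
  policy.csv: |
    # "Cluster Administrators" group ID from the post -> built-in admin role
    g, "f6098101-0000-0000-0000-000000000000", role:admin
    # "Cluster Viewers" group ID from the post -> built-in read-only role
    # (explicit mapping; equivalent to falling through to policy.default)
    g, "4984e4f5-0000-0000-0000-000000000000", role:readonly
```

`argocd admin settings rbac can <subject> <action> <resource>` evaluates the policy for a given subject, so the effective permissions of a group ID can be checked without logging in through SAML.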