-
I did a quick local teleport deployment with docker-compose based on the image quay.io/gravitational/teleport:6.0.0. I have created a user with
and after the user has been activated, I assigned the admin-role:
which was confirmed with the message However, when I log into the teleport web interface, I can't manage users or assign roles to servers. I can't really see anything related to RBAC, not even the role what has been assigned to the user is shown in the profile. I may have a complete wrong understanding how RBAC is implemented in the OSS version. However, I can't find any documentation on this topic. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
I figured out that I can check the available roles with
Here is the output I got: kind: role
metadata:
id: 123123123123123123123
labels:
migrate-v6.0: "true"
name: admin
spec:
allow:
app_labels:
'*': '*'
db_labels:
'*': '*'
db_names:
- '{{internal.db_names}}'
db_users:
- '{{internal.db_users}}'
kubernetes_groups:
- '{{internal.kubernetes_groups}}'
kubernetes_labels:
'*': '*'
kubernetes_users:
- '{{internal.kubernetes_users}}'
logins:
- '{{internal.logins}}'
node_labels:
'*': '*'
rules:
- resources:
- event
verbs:
- list
- read
- resources:
- session
verbs:
- list
- read
deny: {}
options:
cert_format: standard
enhanced_recording:
- command
- network
forward_agent: true
max_session_ttl: 30h0m0s
port_forwarding: true
version: v3 On the RBAC Documentation page (https://goteleport.com/teleport/docs/enterprise/ssh-rbac/) it says: That's why I exported, edited and re-imported the roles with: tctl get roles > updroles.yaml
vim updroles.yaml
tctl create -f updroles.yaml After this, the rules-section shown by After logging out and back in, I was able to see the additional section Team in the navigation. I guess that my role was not updated when I upgraded from Teleport 5.0 to Teleport 6.0. |
Beta Was this translation helpful? Give feedback.
I figured out that I can check the available roles with
Here is the output I got: