Merge pull request #9753 from omegamormegil/patch-21

granting cluster-admin to normal users
2019-12-11 14:30:39 -05:00 · 2019-12-11 14:30:39 -05:00 · 632f16cd3b
parent a2bf94cda1 ddec061b7f
commit 632f16cd3b
1 changed files with 9 additions and 2 deletions
--- a/ee/ucp/authorization/index.md
+++ b/ee/ucp/authorization/index.md
@ -90,7 +90,7 @@ together.
 Only an administrator can manage grants, subjects, roles, and access to
 resources.

-> About administrators
+> Note
 >
 > An administrator is a user who creates subjects, groups resources by moving them
 > into collections or namespaces, defines roles by selecting allowable operations,
@ -103,7 +103,14 @@ For cluster security, only UCP admin users and service accounts that are
 granted the `cluster-admin` ClusterRole for all Kubernetes namespaces via a
 ClusterRoleBinding can deploy pods with privileged options. This prevents a
 platform user from being able to bypass the Universal Control Plane Security
-Model. These privileged options include:
+Model. 
+
+> Note
+> 
+> Granting the `cluster admin` ClusterRole to normal users does not allow 
+> them to deploy privileged pods. 
+
+These privileged options include:

 Pods with any of the following defined in the Pod Specification: