If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.
Here is a basic illustration of how a user, group or service account get mapped to permissions.
The oc get users command can be used to list the users that have logged into OpenShift.
IMPORTANT
Users will not be listed until they have logged into OpenShift at least once.
~]# oc get users
NAME UID FULL NAME IDENTITIES
john.doe 6b9b184a-cfea-44bf-ad62-a4a3454881cc john.doe htpasswd_provider:john.doe
jane.doe 5ad8f659-64ce-4c9c-9ca0-fe69521fd7f2 jane.doe my-ldap:Y249YzA0NDIwNixvdT11c2VycyxPPVRocml2ZW50
Similarly, the oc list identity command can be used to list the users that exist on the system under a particular identity provider.
IMPORTANT
Identities will not be listed until they have logged into OpenShift at least once.
~]$ oc get identity
NAME IDP NAME IDP USER NAME USER NAME USER UID
htpasswd_provider:john.doe htpasswd_provider john.doe john.doe 6b9b184a-cfea-44bf-ad62-a4a3454881cc
my-ldap:Y249YzA0NDIwNixvdT11c2VycyxPPVRocml2ZW50 my-ldap Y249YzA0NDIwNixvdT11c2VycyxPPVRocml2ZW50 jane.doe 5ad8f659-64ce-4c9c-9ca0-fe69521fd7f2
my-ldap:Y249YzA0NDQ2OSxvdT11c2VycyxPPVRocml2ZW50 my-ldap Y249YzA0NDQ2OSxvdT11c2VycyxPPVRocml2ZW50 jack.doe eb31ca82-4af7-477f-b6c7-53661b685189
The oc describe user command can be used to display more details.
~]$ oc describe user john.doe
Name: john.doe
Created: 19 months ago
Labels: <none>
Annotations: <none>
Full Name: john.doe
Identities: htpasswd_provider:john.doe
The oc get user command with --output yaml or --output json option can also be used to display more details.
~]# oc get user jane.doe --output yaml
apiVersion: user.openshift.io/v1
fullName: jane.doe
groups: null
identities:
- ldap:Y249YzA0NDIwNixvdT11c2VycyxPPVRocml2ZW50
kind: User
metadata:
creationTimestamp: "2021-10-21T01:45:35Z"
name: jane.doe
resourceVersion: "105181738"
uid: 46d50eb6-2f79-4a80-b24e-b7543001ba70
Did you find this article helpful?
If so, consider buying me a coffee over at 