|
6 | 6 | [id="granting-users-permission-to-monitor-user-defined-projects_{context}"]
|
7 | 7 | = Granting users permission to monitor user-defined projects
|
8 | 8 |
|
9 |
| -Cluster administrators can monitor all core {product-title} and user-defined projects. |
| 9 | +As a cluster administrator, you can monitor all core {product-title} and user-defined projects. |
10 | 10 |
|
11 |
| -Cluster administrators can grant developers and other users permission to monitor their own projects. Privileges are granted by assigning one of the following monitoring roles: |
| 11 | +You can also grant developers and other users different permissions: |
12 | 12 |
|
13 |
| -* The *monitoring-rules-view* cluster role provides read access to `PrometheusRule` custom resources for a project. |
| 13 | +* To monitor user-defined projects. |
| 14 | +* To configure the components that monitor user-defined projects. |
| 15 | +* To configure alert routing for user-defined projects. |
14 | 16 |
|
15 |
| -* The *monitoring-rules-edit* cluster role grants a user permission to create, modify, and delete `PrometheusRule` custom resources for a project. It also grants a user the ability to silence alerts. |
| 17 | +You can grant the permissions by assigning one of the following monitoring roles: |
16 | 18 |
|
17 |
| -* The *monitoring-edit* cluster role grants the same privileges as the `monitoring-rules-edit` cluster role. Additionally, it enables a user to create new scrape targets for services or pods. With this role, you can also create, modify, and delete `ServiceMonitor` and `PodMonitor` resources. |
| 19 | +|=== |
| 20 | +|Role name |Description |
18 | 21 |
|
19 |
| -You can also grant users permission to configure the components that are responsible for monitoring user-defined projects: |
| 22 | +|`monitoring-rules-view` | Users with this cluster role have read access to `PrometheusRule` custom resources for a user-defined project. They can also view the alerts in the *Developer* perspective of the {product-title} web console. |
20 | 23 |
|
21 |
| -* The *user-workload-monitoring-config-edit* role in the `openshift-user-workload-monitoring` project enables you to edit the `user-workload-monitoring-config` `ConfigMap` object. With this role, you can edit the `ConfigMap` object to configure Prometheus, Prometheus Operator, and Thanos Ruler for user-defined workload monitoring. |
| 24 | +|`monitoring-rules-edit` | Users with this cluster role can create, modify, and delete `PrometheusRule` custom resources for a user-defined project. They can also create and silence alerts in the *Developer* perspective of the {product-title} web console. |
22 | 25 |
|
23 |
| -You can also grant users permission to configure alert routing for user-defined projects: |
| 26 | +|`monitoring-edit` | Users with this cluster role have the same privileges as users with the `monitoring-rules-edit` cluster role. Additionally, users can create, modify, and delete `ServiceMonitor` and `PodMonitor` resources to scrape metrics from services and pods. |
24 | 27 |
|
25 |
| -* The **alert-routing-edit** cluster role grants a user permission to create, update, and delete `AlertmanagerConfig` custom resources for a project. |
| 28 | +|`user-workload-monitoring-config-edit` | This role is given in the `openshift-user-workload-monitoring` project. Users with this role can edit the `user-workload-monitoring-config` `ConfigMap` object to configure Prometheus, Prometheus Operator, Alertmanager, and Thanos Ruler for user-defined workload monitoring. |
26 | 29 |
|
27 |
| -This section provides details on how to assign these roles by using the {product-title} web console or the CLI. |
| 30 | +|`alert-routing-edit` | Users with this cluster role can create, update, and delete `AlertmanagerConfig` custom resources for a user-defined project. |
| 31 | +|=== |
| 32 | + |
| 33 | +The following sections provide details on how to assign these roles by using the {product-title} web console or the CLI. |
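Review bot: The `monitoring-rules-edit` row (new line 24) states a wider privilege than the text it replaces. The removed bullet said the role "grants a user the ability to silence alerts", while the new row says users can "create and silence alerts". Please confirm this against the role definition. If the intent is that users create alerting rules through `PrometheusRule` resources, say that instead of "create alerts". The same check applies to the `user-workload-monitoring-config-edit` row (new line 28), which adds Alertmanager to the components the role can configure. That row also says the role "is given in" the `openshift-user-workload-monitoring` project; since the other rows say "cluster role", it would help to state explicitly that this one is scoped to that project. Minor style point: the new bullets on lines 13 to 15 are sentence fragments ending in periods, and the lead-in "different permissions:" no longer says the permissions concern the users' own projects, which the removed sentence did.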