| At the moment, we are missing a "mobile-developer" role that can be assigned to allow the logged users in the `mobile-developer-console` namespace so that normal users can create apps & resource CRs. This role should have the following permissions:
- view permission in the MDC namespace (but no access to secrets)
- create/vewi/get/list/delete permission on ConfigMaps in the MDC namespace (for sync)
- create/update/get/list/delete permissions on all the custom resources that will be used in the MDC (include mobileclient CR, UPS app & variant CRs, KC realm CR)
- any other resources that the user may need access to
This role should be assigned to all authenticated users in the MDC namespace. CC Gerard Ryan. Pavel Sturc Jan Hellar FYI, we should have test cases that use normal users to access the MDC. |
