What are the correct steps to grant the DevOps team permissions to a vSphere Namespace in a VMware Cloud Foundation (VCF) developer-ready workload domain while following the principle of least privilege access?
What are the correct steps to grant the DevOps team permissions to a vSphere Namespace in a VMware Cloud Foundation (VCF) developer-ready workload domain while following the principle of least privilege access?
The principle of least privilege access entails granting only the necessary permissions needed to perform specific tasks. In this context, adding the DevOps group at the Permissions setting and assigning the 'Can edit' permission is the most appropriate step. This provides the necessary but minimal set of permissions for creating, reading, updating, and deleting TKG clusters without granting overly broad permissions that are not needed.
correct is D
Another vote for D. https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-with-tanzu-tkg/GUID-223D91FB-C4CB-4DA7-8B3F-24721ABDFBC7.html
there is no global permissions tab, and can edit is the correct term for permissions not edit
Option A and D are not specific to Kubernetes namespaces and may provide more access than necessary, similarly Option C is related to the overall management of the Supervisor Cluster but does not specifically address permissions within a vSphere Namespace in the context of Kubernetes workloads. So, option B should be the correct.
Ans D - Role Permissions and RoleBindings TKG clusters on Supervisor support three roles: viewer, editor, and owner. Role permissions are assigned at and scoped to the vSphere Namespace. See Configuring vSphere Namespaces for TKG Clusters on Supervisor. A user/group granted the Can view role permission on a vSphere Namespace has read-only access to TKG clusters provisioned in that vSphere Namespace. A user/group granted the Can edit role permission on a vSphere Namespace can create, read, update, and delete TKG clusters in that vSphere Namespace. A user/group granted the Owner permission on a vSphere Namespace can administer TKG clusters in that vSphere Namespace, and can create and delete additional vSphere Namespaces using kubectl.