TechQA.

ERROR: access denied to perform action "list" on "role", access denied to perform action "read" on "role"

439 views Asked by At

for a CI/CD pipeline, i need an image for connecting to my teleport cluster to use a bot, which i will a create. Therefore i have installed gravitational/teleport:12.4.11 (following this link ) with all required tools. The Log-in using tsh login --proxy=myteleport.registry.com works fine, but the following tctl get usersor tctl get roles --format=text throws ERROR: access denied to perform action "list" on "role", access denied to perform action "read" on "role". I highly appreciate any tips or suggestions you may give to resolve this.

teleport
Original Q&A
1

There are 1 answers

3
EnergY On BEST ANSWER

It seems that the user who logged in using the tsh login command does not have the necessary privileges to view a list of users or roles with tctl.

You can try adding a role that grants the required permissions. Here's an example of a role configuration manage-users-and-roles.yaml:

kind: role
metadata:
  description: role to manage users & roles 
  name: manage-users-and-roles
spec:
  allow:
    rules:
    - resources:
      - user
      - role
      - read
      verbs:
      - list
      - create
      - read
      - update
      - delete
  deny: {}
version: v4

Add this role to teleport :

tctl create -f manage-users-and-roles.yaml

And then link this role with your user :

tctl users update <your-username> --set-roles <existing-roles>,manage-users-and-roles

Note that you should be connected on your teleport server with the admin user

You can find more information about managing roles on teleport in their docs :

Related Questions in TELEPORT

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions