MKE must have Grants created to control authorization to cluster resources.

An XCCDF Rule

Description

<VulnDiscussion>MKE uses Role-Based Access Controls (RBAC) to enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. Using an IDP (per this STIG) still requires configure mapping. Refer to the following for more information: https://docs.mirantis.com/mke/3.7/ops/authorize-rolebased-access/rbac-tutorials/access-control-standard.html#access-control-standard.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-260912r966093_rule
Severity: Medium
References: CCI-001368
Updated: 19 days ago

Create Role Bindings/Grants by logging in to the MKE web UI as an MKE Admin. Navigate to Access Control >> Grants.

Using Kubernetes orchestration:
- Select the "Kubernetes" tab and click "Create Role Binding".
- Add Users, Organizations or Service Accounts as needed and click "Next".
- Under "Resource Set", enable "Apply Role Binding to all namespaces", and then click "Next".- Under "Role" select a cluster role.
- Click "Create".

Using Swarm orchestration:
- Select the "Swarm" tab and click "Create Grant".
- Add Users, Organizations, or Service Accounts as needed and click "Next".
- Under "Resource Set", click "View Children" until the required Swarm collection displays, and then click "Next".
- Under "Role" select a cluster role.
- Click "Create".

MKE must have Grants created to control authorization to cluster resources.

Description

Remediation - Manual Procedure