OpenShift: namespaces is forbidden: User <user-name> cannot list resource "namespaces" in API group at the cluster scope

Question

I've created a new user and assigned it admin role to one project.

I'm running some code that tries to deploy to that project, however I get this:

namespaces is forbidden: User <user-name> cannot list resource "namespaces" in API group at the cluster scope

How can I add this role to this user?

I tried doing this:

# oc adm policy add-cluster-role-to-user namespaces my-admin
Warning: role 'namespaces' not found
clusterrole.rbac.authorization.k8s.io/namespaces added: "my-admin"

# oc adm policy add-role-to-user namespaces my-admin
clusterrole.rbac.authorization.k8s.io/namespaces added: "my-admin"

They don't seem to have any effect.

Using OpenShift 4.2

Answer 1

Here's list of default roles and overview about roles. You can check role's posibilities via:

oc describe clusterrole.rbac

It returns list of available roles with assigned verbs. For instance, there's cluster wide role 'cluster-reader' with following verbs on namespaces which is can be used to list namespaces:

namespaces  []  []  [get list watch]