
ERROR: access denied to perform action "list" on "role", access denied to perform action "read" on "role"


For a CI/CD pipeline, I need an image for connecting to my Teleport cluster to use a bot, which I will create. Therefore I have installed gravitational/teleport:12.4.11 (following this link) with all required tools. The log-in using tsh login --proxy=myteleport.registry.com works fine, but the following tctl get users or tctl get roles --format=text throws ERROR: access denied to perform action "list" on "role", access denied to perform action "read" on "role". I highly appreciate any tips or suggestions you may give to resolve this.


Solution

  • It seems that the user who logged in using the tsh login command does not have the necessary privileges to view a list of users or roles with tctl.

    You can try adding a role that grants the required permissions. Here's an example role configuration, manage-users-and-roles.yaml:

    kind: role
    metadata:
      description: role to manage users & roles
      name: manage-users-and-roles
    spec:
      allow:
        rules:
        # resource kinds this rule covers ("read" is a verb, so it belongs under verbs only)
        - resources:
          - user
          - role
          # actions allowed on those resources
          verbs:
          - list
          - create
          - read
          - update
          - delete
      deny: {}
    version: v4
    

    Add this role to Teleport:

    tctl create -f manage-users-and-roles.yaml
    

    And then link this role with your user:

    tctl users update <your-username> --set-roles <existing-roles>,manage-users-and-roles
    

    Note that you should be connected to your Teleport server as the admin user.

    You can find more information about managing roles in Teleport in their docs:
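As an added check (not from the answer above and not Teleport's own tooling), this Python script parses the access-denied message from the question and tests, under a simplified model of Teleport's rule evaluation (a matching deny rule wins over allow rules, "*" is a wildcard), whether a set of role specs covers the missing actions; it also reports which verbs a role grants on those resources beyond what the error asked for, comparing the answer's full-CRUD role with a read-only one. The role dicts and the evaluation logic are assumptions that mirror the YAML above, not Teleport's implementation.

```python
import re

# One clause of Teleport's RBAC error, e.g.: access denied to perform action "list" on "role"
_DENIED = re.compile(r'access denied to perform action "([^"]+)" on "([^"]+)"')

def required_permissions(error):
    """(verb, resource) pairs that a tctl access-denied message says are missing."""
    return set(_DENIED.findall(error))

def _rule_matches(rule, verb, resource):
    """A rule covers the verb/resource if both appear in it; '*' is a wildcard."""
    resources, verbs = rule.get("resources", []), rule.get("verbs", [])
    return (resource in resources or "*" in resources) and (verb in verbs or "*" in verbs)

def role_grants(roles, verb, resource):
    """Simplified Teleport evaluation (assumed model): a matching deny rule in any
    role wins, otherwise a matching allow rule in any role grants the action."""
    roles = list(roles)
    if any(_rule_matches(r, verb, resource)
           for role in roles for r in role["spec"].get("deny", {}).get("rules", [])):
        return False
    return any(_rule_matches(r, verb, resource)
               for role in roles for r in role["spec"].get("allow", {}).get("rules", []))

def missing_permissions(roles, error):
    """Required pairs from the error that the user's roles still do not grant."""
    return {p for p in required_permissions(error) if not role_grants(roles, *p)}

def excess_permissions(roles, error):
    """Explicit allow verbs on the error's resources beyond what the error needed."""
    needed = required_permissions(error)
    resources = {res for _, res in needed}
    granted = {(v, res) for role in roles
               for r in role["spec"].get("allow", {}).get("rules", [])
               for res in r.get("resources", []) if res in resources
               for v in r.get("verbs", [])}
    return granted - needed

# Constructed inputs: the error text from the question and two candidate roles.
ERROR = ('ERROR: access denied to perform action "list" on "role", '
         'access denied to perform action "read" on "role"')

def make_role(name, verbs):
    return {"kind": "role", "version": "v4", "metadata": {"name": name},
            "spec": {"allow": {"rules": [{"resources": ["user", "role"], "verbs": verbs}]},
                     "deny": {}}}

FULL_ROLE = make_role("manage-users-and-roles", ["list", "create", "read", "update", "delete"])
READ_ONLY_ROLE = make_role("view-users-and-roles", ["list", "read"])
```

Both roles clear the error, but only the read-only role adds nothing beyond the list and read verbs that tctl get users / tctl get roles actually need.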