July 2018
Intermediate to advanced
504 pages
11h 34m
English
If pre-defined roles aren't sufficient for you, you can always create custom roles with just the specific rules you need. Let's create a custom role that can be used instead of the edit role to create and get pods:
$ oc login -u system:admin
...
$ oc create clusterrole alice-project-edit --verb=get,list,watch --resource=namespace,project
clusterrole "alice-project-edit" created
Notice that we had to log in as cluster administrator to create a cluster role. A cluster role is required to make its users members of a particular project.
OpenShift's create clusterrole command is limited to creating only one set of resources and verbs, so we couldn't add different verbs for pods. We can work around this limitation by editing ...
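A ClusterRole object can carry several rules, each with its own verbs, which is the shape a single create clusterrole call cannot express. The manifest below is an added example, not taken from the book: the first rule mirrors the command shown above, and the second rule's pod verbs (create, get) are an assumption drawn from the stated goal of the role. The apiVersion and API group names are also assumptions and should be checked against your cluster.

```yaml
# Added example (not from the book): a least-privilege replacement for the
# built-in edit role, limited to what the text describes.
# Load as cluster administrator, for example: oc apply -f alice-project-edit.yaml
# (the file name is hypothetical).
apiVersion: rbac.authorization.k8s.io/v1   # assumption: RBAC v1 is served by the cluster
kind: ClusterRole
metadata:
  name: alice-project-edit
rules:
  # Rule 1: same verbs and resources as the oc create clusterrole command above.
  # Namespaces live in the core ("") API group.
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "list", "watch"]
  # Projects are an OpenShift resource; the group name is an assumption.
  - apiGroups: ["project.openshift.io"]
    resources: ["projects"]
    verbs: ["get", "list", "watch"]
  # Rule 2: a different verb set for pods, which the one-shot command
  # cannot add. Only create and get are granted: no delete, no exec,
  # no access to secrets or other workload types.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create", "get"]
```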