gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0

v13 Agentless/OpenSSH guide permissions requirements not documented #25129

Closed GavinFrazar closed 1 year ago

GavinFrazar commented 1 year ago

Applies To

https://goteleport.com/docs/ver/13.x/server-access/guides/openssh/#step-15-add-a-node-resource-to-your-teleport-cluster

Details

When following this guide I was using tctl remotely. My user had roles access,editor,auditor. These roles do not have resource permission create/update for node resources.

The guide should explain that these permissions are necessary and explain how to grant them.

$ tctl create ~/teleport-config/resources/nodes/openssh.yaml
ERROR: access denied to perform action "create" on "node", access denied to perform action "update" on "node"
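
One way to grant the permissions named in the error above, as an added example that is not part of the original issue or of the Teleport guide: a role that allows only `create` and `update` on `node` resources. The role name `node-editor`, the file name and the user name `alice` are hypothetical.

```yaml
# node-editor.yaml (hypothetical file name)
# Grants only the two verbs the error message reports as denied.
kind: role
version: v6
metadata:
  name: node-editor        # hypothetical role name
spec:
  allow:
    rules:
      - resources: ['node']
        verbs: ['create', 'update']

# Apply the role, then assign it alongside the user's existing roles
# (user name is a placeholder):
#   tctl create -f node-editor.yaml
#   tctl users update alice --set-roles=access,editor,auditor,node-editor
```

The user must log in again to receive a certificate that carries the new role before retrying `tctl create`.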

ptgott commented 1 year ago

@capnspacehook Should the preset editor role include this access? I can see that it doesn't, but there's an argument to be made that it's in the spirit of the editor role to be able to create Node resources. Was there a discussion around this? Thanks!

capnspacehook commented 1 year ago

Yes, I think it should. I'll make a PR to do that.