Identity and Access Management (IAM): 403 error when signing in to Event Streams UI

Symptoms

Signing in to the Event Streams UI as an IAM user fails with the message 403 Not authorized, indicating that the user does not have permission to access the Event Streams instance.

Note: Identity and Access Management (IAM) authentication is only available on the OpenShift Container Platform with IBM Cloud Pak foundational services 3.x releases. It is not supported on other Kubernetes platforms.

Causes

To access the Event Streams UI, the user must have either the Cluster Administrator role, or the Administrator role together with membership in a team that has a namespace resource added for the namespace containing the Event Streams instance. If neither condition is met, the 403 error is displayed.

Resolving the problem

Assign access to users with an Administrator role by ensuring they are in a team with access to the correct namespace.