Currently, all core CRD related to Operator installations are namespace-scoped. Thus, a namespace-scoped user may deploy an Operator with ClusterRoleBinding via olm, and then ClusterRoleBinding will be granted to his namespace. He can then escalate privileges to cluster level. Perhaps we can add a webhook/cel to reject such install requests when the request user has lower permissions than the Operators.
Currently, all core CRD related to Operator installations are namespace-scoped. Thus, a namespace-scoped user may deploy an Operator with ClusterRoleBinding via olm, and then ClusterRoleBinding will be granted to his namespace. He can then escalate privileges to cluster level. Perhaps we can add a webhook/cel to reject such install requests when the request user has lower permissions than the Operators.