Each user or service provider only sees the namespace information they are authorized to access.

Article ID: 383789

Updated On:

Products

VMware Tanzu Application Platform

Issue/Introduction

Current Situation:

  • The Developer Portal in TAP displays information for all namespaces, and that information is accessible to all users.

Desired Outcome:

  • Each user or service provider should only see the namespace information they are authorized to access.
  • For example:
    • Service Provider a deploys applications to namespace demo-a and should only see demo-a namespace details in their Developer Portal.
    • Service Provider b deploys applications to namespace demo-b and should only see demo-b namespace details in their Developer Portal.
    • Service Provider a must not see information about demo-b, and vice versa.

Resolution

  • Create namespace-cluster-role.yaml, a ClusterRole that grants read access (get, list) to the namespaces resource:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: namespaces-role
rules:
- apiGroups: ['']
  resources: ['namespaces']
  verbs: ['get', 'list']


  • Create namespace-cluster-role-binding.yaml, binding that ClusterRole to the service provider's group (replace <objectid> with the group's object ID):
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dscp-namespaces-rolebinding-sp1-ns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: namespaces-role
subjects:
- kind: Group
  apiGroup: rbac.authorization.k8s.io
  name: <objectid>


  • Add the scope annotation to the namespace definition used by Namespace Provisioner (the lines marked ★ below):
#@ load("@ytt:data", "data")
#! This for loop will loop over the namespace list in desired-namespaces.yaml and will create those namespaces.
#! NOTE: if you have another tool like Tanzu Mission Control or some other process that is taking care of creating namespaces for you,
#! and you don’t want namespace provisioner to create the namespaces, you can delete this file from your GitOps install repository.
#@ for ns in data.values.namespaces:
---
apiVersion: v1
kind: Namespace
metadata:
  annotations: #! ★ added: marks the namespace as TAP-managed for Developer Portal scoping
    apps.tanzu.vmware.com/tap-managed-ns: "" #! ★ added
  name: #@ ns.name
#@ end


  • Confirm on Developer Portal
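The two RBAC manifests above grant get and list on namespaces to members of a single group. As an added example that is not part of this KB article, the following Python replays Kubernetes RBAC evaluation over those exact manifests so you can check offline which identities the binding admits and which verbs it denies; the group name <objectid> is the article's placeholder, and the user names and other groups used in the checks are constructed.

```python
# Added example, not from the KB article: a minimal evaluator that mirrors
# Kubernetes RBAC semantics for the ClusterRole/ClusterRoleBinding above.
# "<objectid>" is the article's placeholder for the service provider's group;
# every user name and extra group passed in below is constructed sample data.
CLUSTER_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "namespaces-role"},
    "rules": [{"apiGroups": [""], "resources": ["namespaces"], "verbs": ["get", "list"]}],
}
CLUSTER_ROLE_BINDING = {
    "kind": "ClusterRoleBinding",
    "metadata": {"name": "dscp-namespaces-rolebinding-sp1-ns"},
    "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "namespaces-role"},
    "subjects": [{"kind": "Group", "apiGroup": "rbac.authorization.k8s.io", "name": "<objectid>"}],
}


def subject_matches(subject, user, groups):
    """A binding subject matches either the user name or one of the user's groups."""
    if subject["kind"] == "User":
        return subject["name"] == user
    if subject["kind"] == "Group":
        return subject["name"] in groups
    return False  # ServiceAccount subjects are out of scope for this article


def rule_allows(rule, api_group, resource, verb):
    """A rule allows a request only if apiGroup, resource and verb all match ("*" is a wildcard)."""
    def hit(allowed, value):
        return "*" in allowed or value in allowed
    return hit(rule["apiGroups"], api_group) and hit(rule["resources"], resource) and hit(rule["verbs"], verb)


def can_i(user, groups, verb, resource, api_group="", roles=(CLUSTER_ROLE,), bindings=(CLUSTER_ROLE_BINDING,)):
    """Offline analogue of `kubectl auth can-i` for cluster-scoped requests:
    allowed if some binding names the subject and the bound role has a matching rule."""
    roles_by_name = {r["metadata"]["name"]: r for r in roles}
    for binding in bindings:
        if not any(subject_matches(s, user, groups) for s in binding["subjects"]):
            continue
        role = roles_by_name.get(binding["roleRef"]["name"])
        if role and any(rule_allows(r, api_group, resource, verb) for r in role["rules"]):
            return True
    return False  # RBAC is deny-by-default: no matching rule means the request is denied


if __name__ == "__main__":
    # A member of the bound group may read namespaces (core API group "") but nothing else.
    print(can_i("sp1-dev", ["<objectid>"], "list", "namespaces"))   # True
    print(can_i("sp1-dev", ["<objectid>"], "delete", "namespaces"))  # False
    print(can_i("outsider", ["some-other-group"], "list", "namespaces"))  # False
```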


Additional Information