OKD Role and RoleBinding suitable to share Templates and ImageStreams with other users and projects

okd-share-resources.yml

apiVersion: v1
kind: Template
metadata:
  name: shared-resource-viewer
parameters:
- displayName: Project / Namespace
  description: Name of the project (might be current project) from which you want to publish/share Templates and ImageStreams
  name: NAMESPACE
  required: true
  value: my-project-name
objects:  
- apiVersion: authorization.openshift.io/v1
  kind: Role
  metadata:
    annotations:
      openshift.io/reconcile-protect: "false"
    name: shared-resource-viewer
    namespace: ${NAMESPACE}
  rules:
  - apiGroups:
    - ""
    - template.openshift.io
    attributeRestrictions: null
    resources:
    - templates
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    - image.openshift.io
    attributeRestrictions: null
    resources:
    - imagestreamimages
    - imagestreams
    - imagestreamtags
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    - image.openshift.io
    attributeRestrictions: null
    resources:
    - imagestreams/layers
    verbs:
    - get
- apiVersion: authorization.openshift.io/v1
  groupNames:
  - system:authenticated
  kind: RoleBinding
  metadata:
    annotations:
      openshift.io/reconcile-protect: "false"
    name: shared-resource-viewers
    namespace: ${NAMESPACE}
  roleRef:
    name: shared-resource-viewer
    namespace: ${NAMESPACE}
  subjects:
  - kind: SystemGroup
    name: system:authenticated
  userNames: null