Can RBAC control access to individual resources?

JoshuaFox · February 10, 2020, 5:29pm

In RBAC, this yaml grants access to Secrets. But what if I want a ClusterRole that grants access to specific Secrets, so that I can give a user access to some Secrets and not others?

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: secret-reader
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "watch", "list"]

JoshuaFox · February 12, 2020, 7:26am

This can be done with resourceNames

Topic		Replies	Views
How can I setup cluster role or role to deny access to certain resources? General Discussions	4	7261	July 24, 2021
RBAC for K8s secrets limited to certain pods in same namespace General Discussions	2	937	August 15, 2020
How to limit the scope of Namespace with ClusterRole? General Discussions development	4	16546	August 31, 2022
User with cluster-admin role and remote access to cluster General Discussions	0	538	July 31, 2023
Create custom ClusterRole that inherits from default edit? General Discussions	0	1913	September 29, 2021

Can RBAC control access to individual resources?

Related topics