How can I define that only configmap and secret are forbidden to be obtained?

Asking for help? Comment out what you need so we can get more information to help you!

Cluster information:


- apiGroups:
  - '*'
  - '*'
  - get
  - list

I expect to use

- "!secrets"
- "!configmaps"

, but it doesn’t seem to take effect

Kubernetes version: 1.16
Cloud being used: (put bare-metal if not on a public cloud)
Installation method:
Host OS:
CNI and version:
CRI and version:

You can format your yaml by highlighting it and pressing Ctrl-Shift-C, it will make your output easier to read.