Skip to content

Role Binding#

A role binding grants the permissions defined in a role to a user or set of users. It holds a list of subjects (users or teams) and a reference to the role being granted. A RoleBinding grants permissions within a specific project whereas a GlobalRoleBinding grants that access global-wide.

A RoleBinding may reference any Role in the same project. Similarly, a GlobalRoleBinding can reference any GlobalRole.

Choose a scope#

There are two different scopes in which you can define a RoleBinding, depending on the role scope.

  • for GlobalRole, use GlobalRoleBinding
  • for Role, use RoleBinding

Project level#

In case you would like to set a role binding for a Role, you will need to create a RoleBinding.

kind: "RoleBinding"
metadata:
  name: <string>
  project: <string>
spec: <RoleBinding specification>

Global level#

In case you would like to set a role binding for a GlobalRole , you will need to create a GlobalRoleBinding.

kind: "GlobalRoleBinding"
metadata:
  name: <string>
spec: <RoleBinding specification>

RoleBinding specification#

# Name of the Role or GlobalRole concerned by the role binding (metadata.name)
role: <string>
# Subjects that will inherit permissions from the role
subjects: 
  - <Subject specification>

Subject specification#

# The type of the subject. For example: `User`
kind: <string>

# The name of the subject (metadata.name)
name: <string>

More info about authorization#

Please look at the documentation to know more about permissions and role bindings.

API definition#

RoleBinding#

Get a list of RoleBinding#

GET /api/v1/projects/<project_name>/rolebindings

URL query parameters:

  • name = <string> : should be used to filter the list of RoleBindings based on the prefix name.

Example:

The following query should return an empty list or a list containing roleBindings.

GET /api/v1/projects/<project_name>/rolebindings?name=ownerRB

Get a single RoleBinding#

GET /api/v1/projects/<project_name>/rolebindings/<rolebinding_name>

Create a single RoleBinding#

POST /api/v1/projects/<project_name>/rolebindings

Update a single RoleBinding#

PUT /api/v1/projects/<project_name>/rolebindings/<rolebinding_name>

Delete a single RoleBinding#

DELETE /api/v1/projects/<project_name>/rolebindings/<rolebinding_name>

GlobalRoleBinding#

Get a list of GlobalRoleBinding#

GET /api/v1/globalrolebindings

URL query parameters:

  • name = <string> : should be used to filter the list of RoleBinding based on the prefix name.

Example:

The following query should return an empty list or a list containing global rolebindings.

GET /api/v1/globalRoleBindings?name=adminRB

Get a single GlobalRoleBinding#

GET /api/v1/globalrolebindings/<name>

Create a single GlobalRoleBinding#

POST /api/v1/globalrolebindings

Update a single GlobalRoleBinding#

PUT /api/v1/globalrolebindings/<name>

Delete a single GlobalRoleBinding#

DELETE /api/v1/globalrolebindings/<name>