One can create a Role or ClusterRole and assign it to a user via a RoleBinding or ClusterRoleBinding.
From the view of a user who has a token, how can one get all granted permissions or roles/rolebindings applied to him via kubectl?
# Check to see if I can do everything in my current namespace ("*" means all)
kubectl auth can-i '*' '*'
# Check to see if I can create pods in any namespace
kubectl auth can-i create pods --all-namespaces
# Check to see if I can list deployments in my current namespace
kubectl auth can-i list deployments.extensions
You can get further information with the kubectl auth --help command.
You can also impersonate a different user to check their permissions with the --as or --as-group flag:
kubectl auth can-i create deployments --namespace default --as john.cena
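
The checks above answer one question at a time. As an added example (not part of the original answer), the following POSIX shell sketch loops kubectl auth can-i over a list of verbs and resources and prints a permission matrix for the current token, optionally with --as. The names KUBECTL, rbac_matrix and rbac_allowed are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: verb x resource permission matrix built from `kubectl auth can-i`.
# KUBECTL, rbac_matrix and rbac_allowed are names chosen for this sketch,
# not kubectl features.
KUBECTL="${KUBECTL:-kubectl}"

# rbac_matrix NAMESPACE "VERBS" "RESOURCES" [AS_USER]
# Prints one line per pair: "<verb> <resource> yes|no".
rbac_matrix() {
    ns=$1; verbs=$2; resources=$3; as_user=${4:-}
    for res in $resources; do
        for verb in $verbs; do
            # --quiet prints nothing; the exit status carries the answer.
            set -- auth can-i "$verb" "$res" --namespace "$ns" --quiet
            if [ -n "$as_user" ]; then
                set -- "$@" --as "$as_user"   # impersonation, as in the answer
            fi
            # Any non-zero status (denied, or an API error) is reported as "no".
            if "$KUBECTL" "$@" 2>/dev/null; then
                answer=yes
            else
                answer=no
            fi
            printf '%s %s %s\n' "$verb" "$res" "$answer"
        done
    done
}

# rbac_allowed: same arguments, but prints only the granted pairs.
rbac_allowed() {
    rbac_matrix "$@" | grep ' yes$' || true
}

# Example call (needs a reachable cluster and a kubeconfig or token):
#   rbac_allowed default "get list create delete" "pods secrets deployments"
```

For a direct dump of the rules that apply to you in one namespace, kubectl auth can-i --list --namespace default prints them without a loop.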