how to retrieve current user granted RBAC with kubectl

7/12/2019

One can create Role or ClusterRole and assign it to user via RoleBinding or ClusterRoleBinding.

from user view that have a token, how to get all granted permissions or roles\rolebindings applied to him via kubectl?

-- wtayyeb
kubectl
kubernetes
rbac

1 Answer

7/12/2019
  # Check to see if I can do everything in my current namespace ("*" means all)
  kubectl auth can-i '*' '*'

  # Check to see if I can create pods in any namespace
  kubectl auth can-i create pods --all-namespaces

  # Check to see if I can list deployments in my current namespace
  kubectl auth can-i list deployments.extensions

you can get further information with kubectl auth --help command

You can also impersonate as a different user to check their permission with the following flag --as or --as-group

kubectl auth can-i create deployments --namespace default --as john.cena
-- Suresh Vishnoi
Source: StackOverflow