Questions tagged [rbac]

RBAC is short for Role Based Access Control, an authorization and access control model in which access to restricted resources is granted or denied based on whether the requester's identity is associated with one or more role classifications required by the restricted resource.

Traditionally, security systems have often been structured to specify which individuals are allowed to access each restricted resource. As the number of restricted resources and number of individuals grows, this quickly becomes difficult to administer. When a person leaves the organization or joins the organization, the person must be removed from or added to all the relevant access control lists.

In Role Based Access Control, a level of abstraction is inserted between the restricted resource and the identities permitted to use that resource. A role descriptor is defined, typically aligned with job function (operator, manager, etc.). The role descriptor is added to the access control list of the restricted resources. Individual identities are associated with or tagged with the role descriptor. When access to a restricted resource is requested, access can be granted by checking whether the requesting identity is associated with one or more of the role definitions permitted to access the resource.

In this configuration, the number of role descriptors is relatively small even when there are a large number of users or resources involved, making the overall system easier to manage and administer than direct-reference access control lists.

1107 questions
81
votes
8 answers

how to check whether RBAC is enabled, using kubectl

I'm trying to install a helm package on a kubernetes cluster which allegedly has RBAC disabled. I'm getting a permission error mentioning clusterroles.rbac.authorization.k8s.io, which is what I'd expect if RBAC was enabled. Is there a way to check…
falsePockets
52
votes
10 answers

Best Role-Based Access Control (RBAC) database model

What is the best database schema to track role-based access controls for a web application? I am using Rails, but the RBAC plugin linked by Google looks unmaintained (only 300 commits to SVN; latest was almost a year ago). The concept is simple…
JasonSmith
49
votes
6 answers

List of Kubernetes RBAC rule verbs

I want to give my application limited access to get the replicas of different statefulsets (and maybe deployment) and if necessary scale them up or down. I have created ServiceAccount, Rolebinding and Role for this but I can't find the complete list…
AVarf
48
votes
4 answers

How to view members of subject with Group kind

There is a default ClusterRoleBinding named cluster-admin. When I run kubectl get clusterrolebindings cluster-admin -o yaml I get: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: …
E235
46
votes
1 answer

How to design a hierarchical role based access control system

Basic deal is, we have a custom built "kickstart" for our projects. For this we are looking at redoing the user control. I know there are a lot of questions out there about general rbac, but I cannot find any on hierarchical rbac? Our requirements…
Hailwood
44
votes
1 answer

Can I connect one service account to multiple namespaces in Kubernetes?

I have a couple of namespaces - assume NS1 and NS2. I have serviceaccounts created in those - sa1 in NS1 and sa2 in NS2. I have created roles and rolebindings for sa1 to do stuff within NS1 and sa2 within NS2. What I want is to give sa1 certain access…
rahul
38
votes
6 answers

How to view the permissions/roles associated with a specific service account in k8s?

I tried with the kubectl get sa default command, but only see some very basic values. What's the command to view the permissions/roles associated with a specific service account in k8s?
injoy
31
votes
4 answers

How can I retrieve all the roles (groups) a user is a member of?

Is there a way to get a list of roles a Windows authenticated user is in, without explicitly checking by WindowsPrincipal.IsInRole method?
muratgu
31
votes
2 answers

How do you change MongoDB user permissions?

For instance, if I have this user: > db.system.users.find() { "user" : "testAdmin", "pwd" : "[some hash]", "roles" : [ "clusterAdmin" ], "otherDBRoles" : { "TestDB" : [ "readWrite" ] } } And I want to give that user the dbAdmin permissions on the…
Ed Norris
30
votes
4 answers

Kubernetes namespace default service account

If not specified, pods are run under a default service account. How can I check what the default service account is authorized to do? Do we need it to be mounted there with every pod? If not, how can we disable this behavior on the namespace level…
Ijaz Ahmad
27
votes
2 answers

how to control access for pods/exec only in kubernetes rbac without pods create binded?

I checked the Kubernetes docs and found that the pods/exec resource has no verb, and I do not know how to control access for it only. Since I create a pod, someone else needs to access it using 'exec' but cannot create anything in my cluster. How to implement…
peteyuan
25
votes
2 answers

Granting a Kubernetes Service Account permissions for Secrets?

I have a Service Account which I'd like to grant permissions to read/write/update/delete Secrets within a specific namespace. I'm not clear about how exactly Service Accounts, Roles, Bindings, etc. work together to grant the right permissions. What…
user108471
25
votes
2 answers

Yii2 global filter/behavior to force user to authenticate first

In my Yii2 application I'm trying to force all users to be authenticated. If they're not already authenticated they should be redirected to the login page. In Yii1 I did this by creating a class that would check if a user was logged in and attaching…
Jap Mul
24
votes
2 answers

DB Schema of a Role Based Access Control

I'm currently developing a member administration for a local association here and I'm developing the database schema at the moment. I'd like to share it with you to improve it and give others an example of a Role Based Access Model (RBAC). I'd…
sled
24
votes
3 answers

Spring Security and ABAC (Attribute Based Access Control)

We have a medium sized business app and we use Spring Security roles and permissions (RBAC) heavily with a big kludge to turn roles on and off for certain instances plus rules hidden in SpEL within @PreAuthorize tags. I think what we have actually…
salk31