:loudspeaker: This page documents Kowl Business exclusive features.
A role binding grants the permissions defined in a role to a user or set of users. It holds a list of subjects (users or groups) and a reference to the role being granted. Optionally you can add metadata (key-value pairs) which may help you to manage your role bindings.
# Role Bindings are used to attach roles to single users or groups of users roleBindings: - metadata: # Metadata properties will be shown in the UI. You can omit it if you want to name: Developers creator: John Doe subjects: # You can specify all groups or users from different providers here which shall be bound to the same role - kind: group provider: Google name: email@example.com roleName: developer
This role binding binds all Google accounts which are a member of
firstname.lastname@example.org to the role named
developer. You can find a reference config for role bindings here.
:triangular_flag_on_post: In order to use groups for role bindings you need configure the RBAC Sync on Groups.
:triangular_flag_on_post: Users which have multiple roles assigned through role bindings will inherit the union of these roles' permissions.
Supported kinds are:
user. In the future there might be a third kind
Supported providers are:
Depending on your
name property may refer to different things. This is an overview to what it refers for every possible case:
||Google E-Mail address|
||Google Group Name (which is an E-Mail address)|
||GitHub||Login handle / GitHub username|
||GitHub||GitHub team name within your GitHub organization|
||Okta||Login handle / email|
||Okta||Okta Group ID (not name), e.g. "00gra1ajmZa1G1ks04x9"|